The SonicWall Capture Labs threat research team has uncovered a new Android Remote Access Trojan (RAT) that not only targets Android devices but also incorporates sophisticated phishing attacks to harvest user credentials. This malware, disguised with the icons of well-known Android apps, aims to deceive users into installing the malicious application.
Upon installation, the malicious app requests two critical permissions: Accessibility Service and Device Admin Permission. By obtaining these permissions, the malware gains control over the victim’s device, allowing it to execute malicious actions without the user’s knowledge.
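The permission pairing described above can be checked statically during app triage. The following is an added example, not code from SonicWall's analysis: it assumes the APK's manifest has already been decoded to text XML, and the package and class names in the sample are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"
DEVICE_ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"

# Constructed sample manifest (decoded XML); package and class names are hypothetical.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.lookalike">
  <application android:label="Example">
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name=".AdminReceiver"
              android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>
"""


def privileged_components(manifest_xml):
    """Return the components guarded by each of the two bind permissions."""
    root = ET.fromstring(manifest_xml)
    found = {"accessibility": [], "device_admin": []}
    for tag, perm, key in (("service", ACCESSIBILITY_PERM, "accessibility"),
                           ("receiver", DEVICE_ADMIN_PERM, "device_admin")):
        for comp in root.iter(tag):
            if comp.get(ANDROID_NS + "permission") == perm:
                found[key].append(comp.get(ANDROID_NS + "name"))
    return found


def requests_both(manifest_xml):
    """True when the app declares an accessibility service AND a device-admin receiver."""
    found = privileged_components(manifest_xml)
    return bool(found["accessibility"]) and bool(found["device_admin"])


if __name__ == "__main__":
    print(privileged_components(SAMPLE_MANIFEST), requests_both(SAMPLE_MANIFEST))
```

Legitimate apps such as device-management agents can declare the same components, so a match is a reason to review the app, not a verdict.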
The malware establishes a connection with a Command-and-Control (C&C) server to receive instructions. It can execute various commands, including reading messages and call logs, accessing the device’s contact list, retrieving installed app information, changing the device’s wallpaper, sending messages, and even toggling the device’s camera flashlight.
One alarming aspect of this malware is its utilization of phishing attacks. It prompts users to enter their credentials into fraudulent HTML pages, mimicking popular Android applications. The harvested credentials are then sent to the attacker-controlled server, compromising the victim’s sensitive information.
Moreover, the malware attempts to evade detection by continuously evolving. Recent samples of the malware have been uploaded to malware-sharing platforms, indicating an ongoing threat to Android users.
SonicWall provides protection against this threat through its Capture ATP w/RTDMI solution. Users are advised to remain vigilant and ensure their devices are protected with up-to-date security measures.
(Source: SonicWall)