New MasterFred malware targets Netflix, Instagram and Twitter users
MasterFred, a new Android malware, uses phishing overlays that simulate login forms to steal bank card information from Netflix, Instagram and Twitter users.
The first MasterFred sample was uploaded to VirusTotal in June 2021, according to Bleeping Computer. Also, malware analyst Alberto Segura shared a second sample of the malware a week ago, saying that it was used against users from Poland and Turkey.
Experts from Avast Threat Labs have now studied the new malware and found that the banker abuses the Accessibility service APIs to display malicious overlays and trick victims into entering their bank card details.
While abuse of the Accessibility service is common behavior for Android malware, MasterFred has a number of distinctive features. For example, the malicious applications used to deliver the malware to devices include the HTML overlays that display the fake login forms and collect victims' financial information.
In addition, the malware uses the Onion.ws gateway (also known as the Tor2Web proxy) to deliver stolen information to Tor servers controlled by the hackers.
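As an added example (not from Avast or the original article), a defender can flag traffic relayed through the gateway named above by looking for hostnames of the form `<onion-address>.onion.ws` in proxy logs. The log format, client addresses, paths and onion labels below are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Onion service labels are base32: 16 chars (v2) or 56 chars (v3).
ONION_LABEL = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})$")
GATEWAY_SUFFIXES = ("onion.ws",)  # the gateway named in the article

def tor2web_onion(host):
    """Return '<label>.onion' if host is <label>.<gateway suffix>, else None."""
    host = host.strip().rstrip(".").lower()
    for suffix in GATEWAY_SUFFIXES:
        if host.endswith("." + suffix):
            # The onion label sits directly left of the gateway suffix.
            label = host[: -len(suffix) - 1].split(".")[-1]
            if ONION_LABEL.match(label):
                return label + ".onion"
    return None

def host_of(target):
    """Hostname from a proxy target: a full URL or a CONNECT host:port."""
    if "://" not in target:
        target = "//" + target
    return urlsplit(target).hostname or ""

def scan(log_lines):
    """Return (client, method, onion) for each request sent via a gateway."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        _, client, method, target = fields[:4]
        onion = tor2web_onion(host_of(target))
        if onion:
            hits.append((client, method, onion))
    return hits

# Constructed sample data: labels, clients and paths are made up.
V2 = "abcdefgh234567ij"
V3 = "ab2c" * 14
SAMPLE_LOG = [
    f"2021-11-10T09:14:02Z 10.0.8.21 POST https://{V3}.onion.ws/submit",
    f"2021-11-10T09:14:05Z 10.0.8.21 CONNECT {V2}.onion.ws:443",
    "2021-11-10T09:15:11Z 10.0.8.34 GET https://www.netflix.com/login",
    "2021-11-10T09:16:40Z 10.0.8.40 GET https://blog.onion.ws/",
    "2021-11-10T09:17:03Z 10.0.8.40 GET https://notonion.ws/",
    "truncated-line",
]
```

Only the first two sample lines are reported; the lookalike domain and the non-onion subdomain are ignored because the label left of the suffix is not a valid onion address.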
Since at least one of the malicious apps with MasterFred on board was available in the Google Play Store (it has now been removed), the researchers are confident that the banker is spreading through third-party app stores.
Indicators of compromise for MasterFred, including hashes and C&C server domains, have already been posted on Twitter by Avast Threat Labs.

Let me remind you that I also wrote that BloodyStealer malware hijacks Steam, Epic Games Store and EA Origin accounts.




