CyberSecurity updates
2025-01-31 01:10:00 Pacific

DONOT Group deploys Android malware in India - 7d

The DONOT APT group deployed malicious Android applications, ‘Tanzeem’ and ‘Tanzeem Update,’ to conduct intelligence gathering operations targeting individuals and groups in India. These apps, disguised as legitimate tools, are designed to collect sensitive information and pose a threat to national security interests. The campaign highlights the targeted use of mobile malware for espionage.

BadBox malware preinstalled on 30000 German devices - 17d

The BADBOX malware campaign has compromised over 30,000 Android devices in Germany, including digital photo frames, media players and possibly smartphones. The malware is pre-installed on the devices, exploiting outdated Android versions. The German Federal Office for Information Security (BSI) has taken action to disrupt the communications between infected devices and command-and-control servers. This campaign highlights the risks associated with insecure supply chains and pre-installed malware on IoT devices, and emphasizes the need for rigorous security checks and device updates to prevent similar incidents.

MOONSHINE Exploit Kit and DarkNimbus Backdoor - 24d

The Earth Minotaur threat actor is leveraging the MOONSHINE exploit kit to target vulnerabilities in Android messaging applications. This leads to the installation of the DarkNimbus Android backdoor, enabling long-term surveillance. The MOONSHINE kit exploits vulnerabilities within messaging apps to gain initial access.

DroidBot Android RAT Targets Banks and Crypto Exchanges - 10d

DroidBot, a novel Android RAT, targets 77 banks, cryptocurrency exchanges, and national organizations. It combines VNC and overlay attacks with keylogging and UI monitoring. Campaigns have been detected in Europe and are potentially spreading to Latin America, highlighting the threat of advanced Android malware targeting financial institutions. DroidBot’s sophistication and wide reach make it a significant concern.