Once the malware receives commands from the C2 server, it harvests credentials from browsers and other Android applications by displaying a fraudulent login page built from bundled HTML files (phishing). The infection chain begins once the malicious application is installed on the victim's Android device.
Disclaimer: This article is part of X-Force OSINT Advisories automated collection to enable faster integration of open-source articles to client environments. All credit and copyright goes to the original authors.
Reference:
https://gbhackers.com/android-malware-mimics-social-apps/
Sample Indicators of Compromise (SHA-256 hashes):
d09f2df6dc6f27a9df6e0e0995b91a5189622b1e53992474b2791bbd679f6987
d8413287ac20dabcf38bc2b5ecd65a37584d8066a364eede77c715ec63b7e0f1
37074eb92d3cfe4e2c51f1b96a6adf33ed6093e4caa34aa2fa1b9affe288a509
3df7c8074b6b1ab35db387b5cb9ea9c6fc2f23667d1a191787aabfbf2fb23173
ecf941c1cc85ee576f0d4ef761135d3e924dec67bc3f0051a43015924c53bfbb
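Automated OSINT feeds such as this one sometimes deliver the indicator list as a single run of hex characters with no separators. The following Python script is an added example (not part of the advisory or the referenced article) that parses that form as well as one-hash-per-line input into individual SHA-256 digests, validates them, and checks a device or build inventory of APK digests against the list. The hashes are the ones listed above; the inventory paths and file contents are constructed placeholders.

```python
import hashlib
import re
from typing import Dict, Iterable, List

# SHA-256 indicators copied from the advisory above. Aggregated feeds often
# concatenate them without separators; the parser accepts that form as well as
# whitespace- or newline-separated input.
IOC_BLOB = (
    "d09f2df6dc6f27a9df6e0e0995b91a5189622b1e53992474b2791bbd679f6987"
    "d8413287ac20dabcf38bc2b5ecd65a37584d8066a364eede77c715ec63b7e0f1"
    "37074eb92d3cfe4e2c51f1b96a6adf33ed6093e4caa34aa2fa1b9affe288a509"
    "3df7c8074b6b1ab35db387b5cb9ea9c6fc2f23667d1a191787aabfbf2fb23173"
    "ecf941c1cc85ee576f0d4ef761135d3e924dec67bc3f0051a43015924c53bfbb"
)

SHA256_RE = re.compile(r"^[0-9a-f]{64}$")


def parse_sha256_iocs(blob: str) -> List[str]:
    """Split feed text into individual lowercase SHA-256 digests.

    All whitespace is removed first, so concatenated and line-separated feeds
    parse identically. Raises ValueError if the text is not a whole number of
    64-hex-character digests or contains non-hex characters.
    """
    compact = re.sub(r"\s+", "", blob).lower()
    if len(compact) % 64 != 0:
        raise ValueError(f"IoC text length {len(compact)} is not a multiple of 64")
    hashes = [compact[i : i + 64] for i in range(0, len(compact), 64)]
    bad = [h for h in hashes if not SHA256_RE.match(h)]
    if bad:
        raise ValueError(f"non-hex digest(s): {bad}")
    # De-duplicate while preserving feed order.
    return list(dict.fromkeys(hashes))


def sha256_of_bytes(data: bytes) -> str:
    """Digest of an APK (or any file) read into memory."""
    return hashlib.sha256(data).hexdigest()


def find_matches(inventory: Dict[str, str], iocs: Iterable[str]) -> List[str]:
    """Return inventory entries (e.g. APK paths) whose digest is a listed IoC."""
    ioc_set = {h.lower() for h in iocs}
    return sorted(name for name, digest in inventory.items() if digest.lower() in ioc_set)


if __name__ == "__main__":
    iocs = parse_sha256_iocs(IOC_BLOB)
    # Constructed inventory: one benign placeholder plus one entry whose digest
    # is copied from the feed, to show what a hit looks like.
    inventory = {
        "/sdcard/Download/benign.apk": sha256_of_bytes(b"placeholder apk bytes"),
        "/sdcard/Download/suspect.apk": iocs[2],
    }
    for hit in find_matches(inventory, iocs):
        print("MATCH:", hit)
```

In practice the inventory would be built by hashing APKs collected from MDM exports or from `adb pull`, and the IoC list would be refreshed from the feed rather than embedded; the length and hex checks matter because a truncated or copy-pasted feed silently produces digests that can never match.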