
ViceLeaker Android malware steals call recordings, photos, videos & texts

Israeli citizens are the primary target of a new Android mobile spying campaign using ViceLeaker malware, says Kaspersky.

Kaspersky Lab researchers have discovered an Android malware campaign that has been active since 2016 and is still going strong. Dubbed ViceLeaker, the campaign is, according to the researchers, the work of a group of attackers specifically targeting Israeli and other Middle Eastern citizens.
The ViceLeaker campaign uses the surveillance malware known as Triout, which Kaspersky researchers first detected in May 2018. Bitdefender also covered the campaign in one of its recent blog posts, so Kaspersky is not the only firm to have detected it.
Initial analysis revealed that the attackers were targeting “dozens of mobile Android devices belonging to Israeli citizens.” Kaspersky’s spyware sensors picked up attack signals from a device belonging to one of the victims, together with the hash of an Android application package (APK) involved in the attack.
Attribution flow of the malware (Screenshot: Kaspersky)
The researchers then obtained a sample of their own for further inspection and found that the APK’s functionality included launching a malicious payload that was already embedded in the application’s own code.
In other words, it was a customized spyware program built to extract sensitive data. To disassemble the original application’s code and add the malicious code, the attackers used the Smali injection technique, in which the app’s Dalvik bytecode is disassembled to Smali, the extra code is inserted, and the app is rebuilt and re-signed. Kaspersky released its findings in a private report to notify and alert affected users of the newly discovered campaign. According to the report, the malware can steal call recordings, photos, videos, text messages and location data without alerting the user.
Worse, the malware is also equipped with backdoor capabilities: it can upload, download and delete files, control the camera and record audio, initiate calls, and send text messages to certain numbers.
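One defender-side check that the Smali injection step invites, as an added example (not Kaspersky’s code or anything from the campaign): diff a suspect APK against a trusted copy of the same app. An APK is a zip, so each entry can be hashed directly; a repackaged build shows up as a rewritten classes.dex, often a changed AndroidManifest.xml, and always a different META-INF/ signer block, because the attacker cannot sign with the publisher’s key. Both APKs and all file contents below are constructed in memory; the package name and paths are placeholders.

```python
import hashlib
import io
import zipfile

def build_apk(entries: dict) -> bytes:
    """Constructed stand-in for an APK: a zip of path -> bytes (test data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()

def entry_digests(apk: bytes) -> dict:
    """SHA-256 of every file entry in the APK, keyed by path."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        return {i.filename: hashlib.sha256(z.read(i)).hexdigest()
                for i in z.infolist() if not i.is_dir()}

def diff_apks(trusted: bytes, suspect: bytes) -> dict:
    """Diff a trusted build against a suspect one; 'resigned' means META-INF/ changed."""
    # Smali injection rewrites classes.dex, often AndroidManifest.xml, and always
    # META-INF/, because the attacker cannot sign with the publisher's key.
    a, b = entry_digests(trusted), entry_digests(suspect)
    added = sorted(set(b) - set(a))
    removed = sorted(set(a) - set(b))
    modified = sorted(n for n in set(a) & set(b) if a[n] != b[n])
    resigned = any(n.startswith("META-INF/") for n in added + removed + modified)
    return {"added": added, "removed": removed, "modified": modified, "resigned": resigned}

# Constructed trusted build of a hypothetical app (not a real APK).
TRUSTED = build_apk({
    "AndroidManifest.xml": b"<manifest package='com.example.notes'/>",
    "classes.dex": b"dex\n035\x00original-code",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\nName: classes.dex\n",
    "META-INF/CERT.SF": b"Signature-Version: 1.0\n",
    "META-INF/CERT.RSA": b"publisher-pkcs7-block",
})
# Constructed repackaged build: same app, injected code and payload, re-signed.
SUSPECT = build_apk({
    "AndroidManifest.xml": b"<manifest package='com.example.notes'/><!-- +RECORD_AUDIO -->",
    "classes.dex": b"dex\n035\x00original-code+injected-smali",
    "assets/payload.bin": b"embedded-payload",
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\nName: classes.dex\nName: assets/payload.bin\n",
    "META-INF/ATTACKER.SF": b"Signature-Version: 1.0\n",
    "META-INF/ATTACKER.RSA": b"attacker-pkcs7-block",
})

if __name__ == "__main__":
    for key, value in diff_apks(TRUSTED, SUSPECT).items():
        print(f"{key}: {value}")
```

Against real files, read both APKs from disk instead of `build_apk`; the report then shows exactly which entries the repackaging touched, which is a good starting point before disassembling the new classes.dex.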
Although it is unclear who is behind the campaign, the researchers used an exposed email address to trace the attacker’s footsteps to Iran.
WHOIS records of C2 server exposing the attacker’s email address (Screenshot: Kaspersky)
“We are currently investigating whether this group might also be behind a large-scale web-oriented attack at the end of 2018 using code injection and exploiting SQL vulnerabilities. Even when this would not be directly related to the Android malware described in this blog post, it would be an indicator of wider capabilities and objectives of this actor,” Kaspersky said in a statement.
What is most concerning is that malware attacks against Android users are at their peak. In the last couple of days alone, researchers have exposed two other campaigns targeting unsuspecting users: one spreading cryptomining malware and another using malware capable of bypassing 2FA and stealing the one-time password.
Users are advised to refrain from downloading unnecessary apps, whether from the Play Store or from third-party websites, to keep their devices updated, and to use reliable anti-virus software at all times.
