by Daniel Lunghi and Jaromir Horejsi – Back in February, we noted the similarities between the Patchwork and Confucius groups and found that, in addition to the similarities in their malware code, both groups primarily went after targets in South Asia. During the months that followed, in which we continued to track Confucius' activities, we found that the group was still aiming at Pakistani targets.
During their previous campaign, we found Confucius using fake romance websites to entice victims into installing malicious Android applications. This time, the threat actor seems to have a new modus operandi, setting up two new websites and new payloads with which to compromise its targets.
Fake Android porn app and Windows chat applications as lures
The first website uses adult content as a lure, via an Android application called Fuddi Duniya, which links to a website that displays nude pictures every day. The app’s APK is linked directly from the homepage, with a disclaimer stating that Google Play does not allow pornography in their store…
Read more at: Confucius Update: New Tools and Techniques, Further Connections with Patchwork
Source: TrendLabs Malware Blog