![]() ![]() ![]() For instance, the service can be triggered by the installation of the application and by the BOOT_COMPLETED action, which is called after the device has completed the boot process. The service can achieve these goals by using multiple methods. This is done by a service that periodically contacts the C&C and updates the malware’s configuration accordingly. After the permissions are granted, the malware displays a landing page that it receives from the C&C server and immediately hides its icon. However, since a C&C server controls the message that was delivered, it could be pointed to other malware payloads and phishing websites. Upon clicking the link, the recipient of the message is sent to a fake Netflix website, where the victims are prompted to enter their payment details and login credentials. “2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. The following response is sent to the victim: ![]() BizCarta’s threat intelligence team sandboxed the application and found out that once the application is installed, the first permission allows the malware to read your personal and sensitive information, while the second allows it to read and respond to all your incoming notifications, including those from WhatsApp. However, instead of allowing the user to view the Netflix content, the application is actually designed to monitor the user’s WhatsApp notifications, and to send automatic replies to the user’s incoming messages using content that it receives from a remote command and control (C&C) server. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |