Security News > 2021 > January > Experts Sound Alarm On New Android Malware Sold On Hacking Forums
Cybersecurity researchers have exposed the operations of an Android malware vendor who teamed up with a second threat actor to market and sell a remote access Trojan capable of device takeover and exfiltration of photos, locations, contacts, and messages from popular apps such as Facebook, Instagram, WhatsApp, Skype, Telegram, Kik, Line, and Google Messages.
The vendor, who goes by the name of "Triangulum" in a number of darknet forums, is alleged to be a 25-year-old man of Indian origin, with the individual opening up shop to sell the malware three years ago on June 10, 2017, according to an analysis published by Check Point Research today.
Piecing together Triangulum's trail of activities, the cybersecurity firm said the malware developer - aside from drumming up publicity for the RAT - also looked for potential investors and partners in September 2017 to show off the tool's features before offering the malware for sale.
While the 2017 product was sold for a flat $60 as a lifetime subscription, the vendors pivoted to a more financially-viable model in 2020 by charging customers anywhere between $30 to $190 for the Rogue malware.
Rogue - which appears to be the latest iteration of a malware called Dark Shades that initially sold by HeXaGoN Dev before being purchased by Triangulum in August 2019 - also comes with features taken from a second malware family called Hawkshaw, whose source code became public in 2017.
"Mobile malware vendors are becoming far more resourceful on the dark net. Our research gives us a glimpse into the craziness of the dark net: how malware evolves, and how difficult it is to now track, classify and protect against them in an effective way," Check Point's Head of Cyber Research, Yaniv Balmas, said.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/_mOsbV5_NvM/experts-sound-alarm-on-new-android.html
Related news
- Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users (source)
- New LianSpy malware hides by blocking Android security feature (source)
- New macOS Malware TodoSwift Linked to North Korean Hacking Groups (source)
- Android malware uses NFC to steal money at ATMs (source)
- New NGate Android malware uses NFC chip to steal credit card data (source)
- Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC) (source)
- New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards (source)
- SpyAgent Android malware steals your crypto recovery phrases from images (source)
- New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys (source)
- Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide (source)