Hackers install Dracarys Android malware using modified Signal app

Meta first reported the new Android malware in its Q2 2022 adversarial threat report, where it briefly mentioned the malware's data-stealing, geo-locating, and microphone-activation capabilities.
While Meta mentions laced versions of Telegram, WhatsApp, and YouTube, Cyble's investigation only uncovered a trojanized version of the Signal messaging app.
The hacking group delivered the app to victims via a phishing page made to appear as a genuine Signal download portal, using the domain "Signalpremium[.]com".
The threat actors also added the Dracarys malware to the source code when compiling the messaging app.
Dracarys also abuses the Accessibility Service to auto-grant itself additional permissions, raising its privileges and "clicking" on the screen without user interaction, and to continue running in the background even if the user closes the Signal app.
Using social engineering to impersonate legitimate companies and people is rampant despite Meta's efforts to discover and block fake accounts, so hacking groups like Bitter APT are bound to continue to utilize new accounts to convince users to install their malware.