Legit Android apps poisoned by sticky 'Zombinder' malware
Threat researchers have discovered an obfuscation platform that attaches malware to legitimate Android applications, both to lure users into installing the malicious payload and to make it harder for security tools to detect.
Analysts with cybersecurity vendor ThreatFabric found the platform, named "Zombinder," on the darknet while investigating a campaign that targeted both Android and Windows users with different types of malware.
Zombinder came to light while the researchers were analyzing a campaign involving the Ermac Android banking trojan.
These apps were essentially modified versions of legitimate apps, ranging from a football streaming service to a Wi-Fi authenticator tool.
The malware packages bound to them also carried the same name as the legitimate apps.
The researchers discovered that the cybercriminals were using a third-party service, Zombinder, that provided the "glue" to bind the malware dropper capabilities to the legitimate app.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/12/09/zombinder_android_windows_malware/