Security News > 2024 > April > New Wpeeper Android malware hides behind hacked WordPress sites
A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads.
Wpeeper stands out for its novel use of compromised WordPress sites to act as relays for its actual command and control servers, acting as an evasion mechanism.
Abusing WordPress as a C2. Wpeeper's novel C2 communication system is structured to leverage compromised WordPress sites and intermediate relay points, obscuring the location and identity of its actual C2 servers.
Wpeeper can update its C2 servers dynamically through the reception of a related command, so if a WordPress site is cleaned, new relaying points on different sites can be sent out to the botnet.
Using multiple compromised sites across different hosts and locations adds resilience to the C2 mechanism, making it hard to shut down the operation or even disrupt the data exchange on a single infected Android device.
New Brokewell malware takes over Android devices, steals data.
News URL
Related news
- TrickMo malware steals Android PINs using fake lock screen (source)
- Over 6,000 WordPress hacked to install plugins pushing infostealers (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)