Security News > 2024 > April > New Wpeeper Android malware hides behind hacked WordPress sites
A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads.
Wpeeper stands out for its novel use of compromised WordPress sites to act as relays for its actual command and control servers, acting as an evasion mechanism.
Abusing WordPress as a C2. Wpeeper's novel C2 communication system is structured to leverage compromised WordPress sites and intermediate relay points, obscuring the location and identity of its actual C2 servers.
Wpeeper can update its C2 servers dynamically through the reception of a related command, so if a WordPress site is cleaned, new relaying points on different sites can be sent out to the botnet.
Using multiple compromised sites across different hosts and locations adds resilience to the C2 mechanism, making it hard to shut down the operation or even disrupt the data exchange on a single infected Android device.
New Brokewell malware takes over Android devices, steals data.
News URL
Related news
- Android Malware Wpeeper Uses Compromised WordPress Sites to Hide C2 Servers (source)
- Vultur banking malware for Android poses as McAfee Security app (source)
- SoumniBot malware exploits Android bugs to evade detection (source)
- New Brokewell malware takes over Android devices, steals data (source)
- New 'Brokewell' Android Malware Spread Through Fake Browser Updates (source)
- Finland warns of Android malware attacks breaching bank accounts (source)
- Android 15, Google Play get new anti-malware and anti-fraud features (source)
- Android 15, Google Play Protect get new anti-malware and anti-fraud features (source)
- Android malware Grandoreiro returns after police disruption (source)