SoumniBot

AppWizard
July 24, 2024
Cyber criminals are taking advantage of the popular Telegram-based cryptocurrency game Hamster Kombat for monetary gain. They are distributing a malicious Android trojan called Ratel through an unofficial Telegram channel, impersonating the game and gaining control of compromised devices via SMS. The success of Hamster Kombat has attracted malicious actors who are deploying malware targeting players of the game. Additionally, malicious APK files targeting Android devices, such as BadPack, are being used to install malicious artifacts without raising any red flags.
AppWizard
April 17, 2024
- SoumniBot is a new banker malware targeting Korean users
- The malware obfuscates the Android manifest to avoid detection
- Techniques used include exploiting the libziparchive library, declaring an incorrect size for the manifest entry, and using long namespace names
- SoumniBot focuses on data exfiltration and command execution
- It hides its app icon, uploads personal data to a server, and listens for commands from an MQTT server
- The malware searches for digital certificates used for online banking
- Security solutions like those from Kaspersky can detect and prevent the installation of SoumniBot