Netflix, Instagram, and Twitter users are being targeted by a new Android Malware

MasterFred, a new Android malware, is using fake login overlays to steal credit card information from Instagram, Twitter, and Netflix users and banking customers. A sample of this virus was first submitted to VirusTotal in 2021. Alberto Segura said, “It seems there is an undetected Android #Banker affecting Turkey and Poland,” sharing a sample of the virus a week ago.

“By utilizing the Application Accessibility toolkit installed on Android by default, the attacker is able to use the application to implement the Overlay attack to trick the user into entering credit card information for fake account breaches on both Netflix and Twitter,” said Avast Threat Labs in a Twitter thread.

“Some things make MasterFred stand out. One of them is that the malicious apps used to deliver the malware on Android devices also bundle the HTML overlays used to display the fake login forms and harvest the victims’ financial info.”

“The malware also uses the Onion.ws dark web gateway (aka Tor2Web proxy) to deliver the stolen information to Tor network servers under its operator’s control.”

“Since at least one of the malicious apps bundling the MasterFred banker was recently available in Google’s Play Store, it’s safe to say that MasterFred’s operators are also likely using third-party stores as a delivery channel for this new malware,” mentioned Bleeping Computer in its post.

Impact

Stealing credit card information using fake login overlays.

IOC

Domains:

qjvpp2shgqyhcfdvtcpe3w4c4ngigwbcufdtmqokbbs23wymgervjtqd[.]onion[.]ws

SHA256s:

1284d9e44fa5ac5b645c26c5e941cc392d77ab24ebfa91948688ce769ff71667

7660c207aff4f7855a5f9667d7dbc05d9bc9c57107712337e139e188cecfebb1

ce0f20f0c1283fd0e29a5b6a4bd2a44c6a1968b0e7553386bf1e7c88ffce5427

Remediate

  • Scan for and block the IOCs on the network.
  • Reduce the risk of downloading potentially harmful apps by limiting your download sources to official app stores.
  • Install Android updates and patches as and when available from Android device vendors.
  • Do not browse untrusted websites or follow untrusted links, and exercise caution when clicking on links.
  • Only click on URLs that clearly indicate the website domain.
  • Install and maintain updated anti-virus and antispyware software.
  • Consider using Safe Browsing tools, filtering tools (antivirus and content-based filtering) in your antivirus, firewall, and filtering services.
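
One way to act on the first remediation item, as an added example that is not part of the original advisory: the script refangs the published domain, flags DNS queries for it, checks file bytes against the listed SHA256s, and, going beyond the single IOC, also flags any other lookup through the onion.ws gateway the advisory names. The log format, sample lines and function names are assumptions constructed for illustration.

```python
import hashlib

# Indicators copied from this advisory; the domain stays defanged as published.
DEFANGED_DOMAINS = ["qjvpp2shgqyhcfdvtcpe3w4c4ngigwbcufdtmqokbbs23wymgervjtqd[.]onion[.]ws"]
SHA256_IOCS = {
    "1284d9e44fa5ac5b645c26c5e941cc392d77ab24ebfa91948688ce769ff71667",
    "7660c207aff4f7855a5f9667d7dbc05d9bc9c57107712337e139e188cecfebb1",
    "ce0f20f0c1283fd0e29a5b6a4bd2a44c6a1968b0e7553386bf1e7c88ffce5427",
}
TOR2WEB_SUFFIX = ".onion.ws"  # gateway named in the advisory

def refang(indicator):
    """Convert a defanged indicator ("[.]") into a value usable for matching."""
    return indicator.replace("[.]", ".").lower()

IOC_DOMAINS = {refang(d) for d in DEFANGED_DOMAINS}

def classify_domain(qname):
    """Return "ioc", "tor2web" or None for one queried name."""
    name = qname.strip().rstrip(".").lower()  # drop root dot, ignore case
    if any(name == d or name.endswith("." + d) for d in IOC_DOMAINS):
        return "ioc"
    if name.endswith(TOR2WEB_SUFFIX):
        return "tor2web"  # another hidden service reached through the same gateway
    return None

def scan_dns_log(lines):
    """Return (client_ip, verdict) for every flagged query; skip malformed lines."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) == 3 and (verdict := classify_domain(fields[2])):
            hits.append((fields[1], verdict))
    return hits

def sha256_is_ioc(data):
    """True if the SHA-256 of the given file bytes is one of the listed hashes."""
    return hashlib.sha256(data).hexdigest() in SHA256_IOCS

# Constructed sample log; assumed format: "<timestamp> <client_ip> <queried_name>".
SAMPLE_LOG = [
    "2021-11-10T09:14:02Z 10.0.4.17 example.com",
    "2021-11-10T09:14:05Z 10.0.4.23 " + refang(DEFANGED_DOMAINS[0]).upper() + ".",
    "2021-11-10T09:15:40Z 10.0.4.31 placeholder.onion.ws",
    "2021-11-10T09:16:11Z 10.0.4.31 onion.ws.example.com",
]

if __name__ == "__main__":
    print(scan_dns_log(SAMPLE_LOG))
```

Treat an "ioc" verdict as a confirmed match and a "tor2web" verdict as a lower-confidence lead that needs triage on the client device.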
