A trojanized version of the Psiphon application for Android is spreading online. It steals data from compromised devices and installs a ransomware module for extortion. It is an 📱 APK installer distributed by cybercriminals through third-party stores, phishing, SEO poisoning, and other channels (it is not distributed through Google Play). Its capabilities include:
- Keylogger
- VoIP call recordings
- Executing code at runtime
- Collecting browser history
- Recording incoming calls
- Recording all VoIP calls
- Collecting data from WhatsApp, Skype, and Telegram
- Stealing personally identifiable information (PII) data
- Opening phishing URLs
- Capturing photos
- Collecting screenshots
- Stealing clipboard data
- Switching Wi-Fi and data status

Cyble Research & Intelligence Labs (CRIL) analyzed the application and found that it contains the DAAM Android botnet, which has been active since 2021. It packs a full set of functionality: a keylogger, recording VoIP conversations, viewing all incoming calls, collecting data from WhatsApp, Skype and Telegram, viewing photos, stealing data from the clipboard and much more.

🍰 The icing on the cake is the ransomware module, which encrypts files on an infected mobile device, making sensitive files inaccessible to the user.

❗️ The purpose of this module, which is unusual for mobile malware, is to extort money from the victim for file recovery. This is stated in a note that is created on the device under the name “readme_now.txt”.

Files are encrypted using the 🔐 Advanced Encryption Standard (AES) algorithm, which is considered reliable and secure, so locked data cannot be recovered without the key.
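
An added triage example (not from the article or the CRIL report): a Python script that walks a copy of a device's shared storage, reports any `readme_now.txt` note, and flags files whose content is high-entropy with no recognised file header, which is how AES output appears on disk. The entropy threshold, sample sizes and header list are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

RANSOM_NOTE = "readme_now.txt"   # note name given in the article
ENTROPY_THRESHOLD = 7.5          # assumption: bits per byte, cutoff for "looks like ciphertext"
SAMPLE_BYTES = 64 * 1024         # assumption: bytes sampled from the start of each file
MIN_BYTES = 1024                 # entropy estimates on smaller samples are unreliable
# Assumption: short, non-exhaustive list of headers for formats that are
# legitimately high-entropy (JPEG, PNG, ZIP/APK/DOCX, gzip, PDF).
KNOWN_MAGIC = (b"\xff\xd8\xff", b"\x89PNG", b"PK\x03\x04", b"\x1f\x8b", b"%PDF")


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str) -> bool:
    """True when the file is high-entropy and carries no recognised header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(SAMPLE_BYTES)
    except OSError:
        return False  # unreadable file: nothing to judge
    if len(head) < MIN_BYTES or head.startswith(KNOWN_MAGIC):
        return False
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def triage(root: str):
    """Return (ransom note paths, possible-ciphertext paths) found under root."""
    notes, suspects = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == RANSOM_NOTE:
                notes.append(path)
            elif looks_encrypted(path):
                suspects.append(path)
    return sorted(notes), sorted(suspects)


if __name__ == "__main__":
    import sys
    found_notes, found_suspects = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("ransom notes:", found_notes)
    print("possible ciphertext:", found_suspects)
```

Media and archive formats outside the short header list (MP4, for example) will also score as high-entropy, so treat flagged files as leads to review alongside the note, not as proof of encryption.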
