Cybercriminals have developed fraudulent apps mimicking popular online marketplaces like OLX and Allegro, as well as banking applications, to trick users into divulging sensitive information. These applications are part of malware families known for their advanced capabilities in bypassing security measures and stealing user data. Affected: OLX, Allegro, banking sector
Keypoints :
- Cybercriminals are exploiting online marketplaces through malicious mobile applications.
- Fake apps replicate the appearance of legitimate platforms such as OLX and Allegro.
- Targeted platforms are popular in regions like Poland.
- Applications belong to malware families like TrickMo and SpyNote.
- Malware gains permissions to install additional malicious payloads and access sensitive user data.
- Dynamic analysis reveals malicious activities initiated post-installation.
- Compromised information includes banking credentials and personal financial details.
- Cybersecurity teams have noted increasing sophistication in these phishing campaigns.
MITRE Techniques :
- TA0001: Initial Access – TrickMo drops additional malware via the REQUEST_INSTALL_PACKAGES permission.
- TA0011: Persistence – Use of APK as a dropper to install further malicious applications.
- TA0006: Credential Access – SpyNote collects SMS, keystrokes, and other sensitive user credentials.
- TA0060: Exploitation of Remote Services – Utilizes C2 communication to exfiltrate data.
Indicator of Compromise :
- [APK] OLX Payments.apk
- [Hash] 8ebf4bdf9326073fa0577a2e1950e1af
- [C2] hxxp://traktortany.org/c2
- [APK] childapp.apk
- [C2] 212.224.88.14:7771
Views: 5