The Hacker News reports that threat actors have leveraged more than 200 Android apps to deploy the Facestealer spyware, which is capable of exfiltrating user credentials and other sensitive data.
Numerous variants of Facestealer, which could also harvest Facebook cookies and personally identifiable information, have been developed since its discovery last July owing to the malware's frequent code changes, according to a Trend Micro report. Over 40 of the apps identified to have Facestealer were VPN services, while 20 and 13 of the applications were camera and photo editing apps, respectively. Facestealer was also discovered in more than 40 cryptomining apps.
Meanwhile, a separate study from NortonLifeLock and Boston University revealed that potentially harmful app detections totaled 8.8 million daily on more than 11.7 million Android devices from 2019 to 2020.
"PHAs persist on Google Play for 77 days on average and 34 days on third-party marketplaces," said the report, which also noted the prolonged duration of PHAs when users switch devices.
As part of its latest attacks discovered in June, Tropic Trooper exploited several known Microsoft Exchange Server and Adobe ColdFusion vulnerabilities to distribute an updated China Chopper web shell on a server hosting the Umbraco open-source content management system.
More than 50 Alibaba-hosted command-and-control servers have been leveraged to facilitate the distribution of the backdoor, which impersonates the Java, bash, sshd, SQLite, and edr-agent utilities.
Angola and the Democratic Republic of Congo, which is a new Intellexa client, may have leveraged new Predator infrastructure to enable spyware staging and exploitation, according to an analysis from Recorded Future's Insikt Group.