
Android apps laced with malware via novel Zombinder platform

Legitimate Android applications can be trojanized without their users noticing, and the apps keep their full functionality, through the Zombinder darknet platform, which binds an obfuscated malware loader into the application code, BleepingComputer reports. Threat actors have been running the campaign by spoofing Wi-Fi authorization portals that lure users into downloading either an Android or a Windows version of an app, which is in fact malware, according to a ThreatFabric report. The malicious Android app was found to deploy an Ermac payload with keylogging, overlay attack, email exfiltration, two-factor authentication code exfiltration, and crypto wallet seed phrase theft capabilities. Downloading the purported Windows app instead distributes the Aurora and Erbium stealer malware, as well as the Laplas clipper. Similarities between the capabilities of the malware strains suggest the attackers are experimenting. Several threat actors may also be using a single third-party malware distribution service for the attacks.
