AppLite: A New AntiDot Variant Targeting Mobile Employee Devices

A sophisticated Mishing campaign delivers malware to Android devices, enabling credential theft from banking, cryptocurrency, and critical applications. The campaign uses phishing domains to distribute a new variant of the AntiDot banking trojan, dubbed AppLite Banker. Attackers pose as recruiters, tricking victims into downloading a malicious app that installs AppLite. The malware can mimic enterprise apps, Chrome, and TikTok, allowing for device takeover and application access. It uses advanced techniques such as ZIP manipulation, WebSocket communication, and overlay attacks to evade detection and steal credentials. AppLite targets users in multiple languages and focuses on banking, cryptocurrency, and finance apps across various countries.

Author: AlienVault

Related Tags: antidot, applite banker, banking trojan, Australia, Canada, Portugal, Spain, Finance, United States of America

Associated Indicators: