A malicious Android campaign named Tria Stealer has been targeting users in Malaysia and Brunei since mid-2024. The campaign uses wedding invitation lures to trick victims into installing a malicious app that collects SMS data, tracks call logs, and steals messages from apps like WhatsApp and emails from Gmail and Outlook. The stolen data is exfiltrated to Telegram bots. The threat actor uses this information to hijack personal messaging accounts, impersonate victims to request money transfers, and compromise other online accounts. The campaign is likely operated by an Indonesian-speaking threat actor and remains active, with the malware evolving to target more personal communications data.
Author: AlienVault
Related Tags:
telegram bots
Tria Stealer
Malaysia
T1528
android
AlienVault OTX
AlienVault
Phishing
Associated Indicators: