Heads up Android users! Here is another threat targeting your devices. New malware WolfRAT has surfaced online that targets messenger apps on Android, including Facebook Messenger and WhatsApp.
WolfRAT Malware Targeting Messenger Apps
Researchers from Cisco Talos Intelligence have found this Android malware in the wild, Dubbed WolfRAT, this malware specifically targets messaging apps on Android devices. These apps even include popular apps like Facebook Messenger, WhatsApp, and Line.
Sharing the details in a blog post, the researchers stated that this malware loosely bases on the leaked malware DenDroid. Yet, the malware seems to have gone through various improvements in stages to target the users. As stated by the researchers,
Briefly, the malware targets messaging and chat apps on Android. To steal data, it begins taking stealthy screenshots of chats whenever such apps are open. This is in contrast with most new malware that exploit Android Accessibility Suite to access data. The screenshots are then uploaded to the C2 server of the malware.
The malware reaches the target device through various malicious and fake updates to otherwise legit apps. For instance, it can mimic the Google Service to trick the user into installing the malware.
Then, it seeks explicit permissions from the victim to run on the device.
Overall, it has a very basic structure with primitive anti-analysis functionality that only scans for an emulator environment.
Detailed technical analysis of the malware is available in the researchers’ post.
Presently Active In Thailand
Researchers dubbed this new malware as WolfRAT considering the malware’s link with the now-defunct Wolf Research. Although the organization seemingly closed down, with this malware, the researchers believe that the threat actor is still active.
At present, the malware is actively targeting Android users in Thailand, supposedly, as an interception tool. Also, it presently bears a very basic structure. The threat actors have also leveraged open-source platforms for codes and packages.
Nonetheless, the continuous iterations in the malware and the stealthy data exfiltration capabilities hint that the malware may evolve into a serious threat in the future.
For More Hacking News Click Here