A newly discovered phishing operation distributes the novel AppLite Banker malware strain. The researchers who found the malware believe it is an improved variant of the Antidot banking Trojan.
Based on reports, the new cybercriminal campaign primarily targets Android devices and uses sophisticated social engineering tactics to acquire credentials and compromise devices for personal and business purposes.
Moreover, this latest mobile-targeted phishing attempt is a refinement of techniques first observed in Operation Dream Job. The original Operation Dream Job targeted job seekers in the defence and aerospace sectors using LinkedIn messages and infected attachments; the tactic has since developed into a strategy aimed at mobile users.
The researchers explained that the new tactic still leverages fake job application pages and banking trojans, but now takes advantage of mobile vulnerabilities.
The AppLite Banker malware operators pose as HR or recruiters.
The initial investigation of the AppLite Banker malware shows that its operators impersonate recruiters or HR professionals from well-known firms.
The impersonators send phishing emails containing what appear to be authentic job-offer links, which redirect targets to fraudulent landing pages. These websites then deceive visitors into downloading a fake CRM program that serves as the dropper for the AppLite malware.
Once deployed, the software gives its operators a range of malicious capabilities. Confirmed capabilities of the new malware include abuse of accessibility services to draw screen overlays and grant itself permissions, remote control via Virtual Network Computing (VNC), and deceptive overlays that harvest user credentials.
Furthermore, the researchers discovered that the malware targets at least 172 legitimate applications, including financial platforms and cryptocurrency wallets. It also uses sophisticated features to modify device operation and intercept sensitive data.
The malware can also manipulate ZIP files to bypass security software and insert harmful scripts into HTML overlays to avoid detection. These techniques allow AppLite to evade numerous analysis tools.
The threat is global in scope, as the campaign can target multiple countries and is available in several languages, including English, Portuguese, Spanish, Russian, French, German, and Italian. Additional assessment also found that the malware can capture lock screen credentials and automate screen unlocking, giving attackers nearly complete access to infected devices.
Job seekers should be vigilant in accepting job offers, especially from unknown or suspicious sources. Double-check the legitimacy of links to avoid falling victim to these operations.