BlankBot Trojan Targets Turkish Android Users
“A threat intelligence firm discovered samples of a malicious Android program that appears to target Turkish-language speakers. The program can take screen grabs, capture keystrokes, and create custom overlays — also known as Web injections — that can fool users into entering sensitive information.

The Trojan, dubbed BlankBot, appears to be under active development — judging from a significant number of code variants and log files — and remains largely undetected by the anti-malware scanners hosted on VirusTotal, cyberthreat-intelligence firm Intel 471 stated in its report published on Aug. 1.

The developers of the Trojan use openly available libraries for mimicking account pages and producing other overlays and showed other signs of cybercriminal sophistication, Intel 471's analysts, who asked not to be named, said in an email interview.

"The developers appear to be experienced Android application developers, and they also demonstrate an understanding of the ATO [account takeover] business," they said. "These libraries allow the malware operators to imitate real financial applications more closely and create a seamless, authentic-looking phishing page, making it more likely that a user will follow all the steps and give up their sensitive information."

At this point, the motive for the group's targeting of Turkey is unclear, the company said. In recent years, Turkey has become a target for cyberattackers, especially nation-state espionage groups. India's SideWinder group has targeted individuals in Turkey — in addition to the group's typical targets of regional rivals, such as Pakistan — while China's APT41 has targeted global shipping, technology, and automotive industries, including those in Turkey.

Meanwhile, the country has been developing its own cyber capabilities. A Turkey-linked group has targeted Kurdish opposition groups throughout Europe, the Middle East, and North Africa, while another cybercriminal group in Turkey is targeting corporate databases in the United States, Europe, and Latin America with ransomware.”
Reference
https://www.darkreading.com/vulnerabilities-threats/blankbot-trojan-targets-turkish-android-users