Rewterz Threat Alert – Reductor Infects Files on the Fly to Compromise TLS Traffic
Severity
Medium
Analysis Summary
FunkyBot is a new Android malware family primarily targeting Japanese service providers. FortiGuard Labs was able to identify this campaign and what is, to the best of our knowledge, a new malware family. During our analysis, we also encountered other samples that were not completely developed and lacked some of the functionality. The malware is currently under development and is being tested in the wild. The capabilities of this family are limited at the moment, but the fact that we were able to find different samples that showed significant improvement in the span of a few weeks shows that this family should not be underestimated.
Impact
Loss of data
Indicators of Compromise
IP(s) / Hostname(s)
- 108[.]61[.]187[.]156
- 149[.]28[.]24[.]166
Malware Hash (MD5/SHA1/SHA256)
- beb6cb245f6597b6d2b9e9232774329b94f2eada5980a3cb28f9100cc161f4a4
- 152be211ecd21c8abfd7c687a5ca8a17906f589c59055516e5482ff3fcf42dbf
- 02036825d69208612fd281b3d4fd9be06fc315addeac1fe8872eb2cc9f6f1fcd
- b4f3b7850c4332bcf85bbd64ebd6d837a3de64a03c1150cdd27e41599d2852b6
Remediation
- Only install apps from Google Play.
- Only update your device when prompted.
- Back up your personal data regularly.