Rewterz Threat Alert – APT C-23 Active in Middle East
November 30, 2020
Severity
High
Analysis Summary
Threat actors tracked as APT C-23 have been distributing a malicious Android APK disguised as Adobe Flash Player in order to exfiltrate data and steal victims' sensitive information. The file is named Adobe_Flash_2020.apk so that it looks legitimate, and the APK carries images that walk the user through "installing Adobe Flash Player", lending it further credibility. When the user chooses to download and install the fake app, the site redirects to a second URL (download.php) that serves the malicious APK.
Impact
- Data breach
- Exposure of sensitive data
Indicators of Compromise
Filename
- Adobe_Flash_2020[.]apk
MD5
- 0b7018e42a1aa85669aeed0d60a8bb80
SHA-256
- 86d2ceb1e5c9496f4e64192232168ba6e80630211c715e2e9987b7ea19df7629
SHA-1
- ac56bdcadb912cda0289bc5c867358b2dc2bcee7
URL (redirect chain, in order)
- https[:]//online-menu[.]net/media/lading/lading/
- https[:]//online-menu[.]net/media/lading/lading/download[.]php
- https[:]//online-menu[.]net/media/lading/lading/Adobe_Flash_2020[.]apk
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Block access to malicious sites.
- Note that Adobe no longer distributes Flash Player for Android (it was withdrawn from Google Play in 2012) and Flash Player reached end of life at the end of 2020, so any site or app offering an "Adobe Flash Player" APK should be treated as malicious. Install software only from the Play Store or the vendor's official website.
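The following is an added example of how a responder might sweep for the indicators above; it is not part of the original alert and not Rewterz tooling. It refangs the published indicators, hashes files under a directory tree with MD5, SHA-1 and SHA-256 in a single pass, flags anything whose name or digest matches, and checks proxy log lines against the URL chain. The directory layout, the dummy APK contents and the proxy log lines are constructed for the demonstration (the dummy file deliberately does not hash to the real sample; it is caught by filename only).

```python
"""IOC sweep for the fake "Adobe Flash 2020" APK alert (added example, not from the alert)."""
import hashlib
import io
import os
import tempfile
from pathlib import Path

# Indicators copied from the alert, defanged exactly as published.
IOC_HASHES = {
    "md5": "0b7018e42a1aa85669aeed0d60a8bb80",
    "sha1": "ac56bdcadb912cda0289bc5c867358b2dc2bcee7",
    "sha256": "86d2ceb1e5c9496f4e64192232168ba6e80630211c715e2e9987b7ea19df7629",
}
IOC_FILENAME = "Adobe_Flash_2020[.]apk"
IOC_URLS = [
    "https[:]//online-menu[.]net/media/lading/lading/",
    "https[:]//online-menu[.]net/media/lading/lading/download[.]php",
    "https[:]//online-menu[.]net/media/lading/lading/Adobe_Flash_2020[.]apk",
]

# Constructed proxy log lines (assumed format: timestamp client method url status).
SAMPLE_PROXY_LOG = [
    "2020-11-30T09:12:01Z 10.0.0.5 GET https://online-menu.net/media/lading/lading/download.php 302",
    "2020-11-30T09:12:02Z 10.0.0.5 GET https://online-menu.net/media/lading/lading/Adobe_Flash_2020.apk 200",
    "2020-11-30T09:13:10Z 10.0.0.7 GET https://example.com/index.html 200",
]


def refang(indicator: str) -> str:
    """Undo the [.] / [:] defanging so indicators can be compared with live data."""
    return indicator.replace("[.]", ".").replace("[:]", ":")


def _digest_stream(fh) -> dict:
    """Compute md5, sha1 and sha256 of a binary stream in one pass over the data."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    for chunk in iter(lambda: fh.read(1 << 20), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def bytes_digests(data: bytes) -> dict:
    """Digests of an in-memory blob (used to verify the hashing against known vectors)."""
    return _digest_stream(io.BytesIO(data))


def file_digests(path) -> dict:
    """Digests of a file on disk."""
    with open(path, "rb") as fh:
        return _digest_stream(fh)


def scan_tree(root, ioc_hashes=IOC_HASHES, ioc_filename=IOC_FILENAME):
    """Walk root and return [(path, [reasons])] for files matching by name or any digest."""
    bad_name = refang(ioc_filename).lower()
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            reasons = []
            if name.lower() == bad_name:
                reasons.append("filename")
            digests = file_digests(path)
            reasons += [algo for algo, value in ioc_hashes.items() if digests[algo] == value]
            if reasons:
                hits.append((path, reasons))
    return hits


def match_proxy_log(lines, ioc_urls=IOC_URLS):
    """Return [(line, matched_ioc)] for lines requesting any IOC URL.

    Prefix matching is used deliberately: the first IOC is the landing directory, so
    anything served beneath it (download.php, the APK) is flagged as well.
    """
    targets = [refang(u).lower() for u in ioc_urls]
    hits = []
    for line in lines:
        for field in line.split():
            f = field.lower()
            matched = next((t for t in targets if f.startswith(t)), None)
            if matched:
                hits.append((line, matched))
                break
    return hits


def demo():
    """Build a constructed directory with a dummy APK named like the IOC and run both sweeps."""
    with tempfile.TemporaryDirectory() as tmp:
        # Dummy content: carries the IOC filename but NOT the real sample's hashes.
        Path(tmp, "Adobe_Flash_2020.apk").write_bytes(b"PK\x03\x04 constructed dummy")
        Path(tmp, "notes.txt").write_bytes(b"benign file")
        file_hits = scan_tree(tmp)
    return file_hits, match_proxy_log(SAMPLE_PROXY_LOG)


if __name__ == "__main__":
    files, urls = demo()
    for path, why in files:
        print("FILE HIT", path, why)
    for line, ioc in urls:
        print("URL HIT", ioc, "<-", line)
```

In a real sweep, point `scan_tree` at an MDM export or a mounted device image and feed `match_proxy_log` your web proxy or DNS logs; a hash match is conclusive, a filename-only match is a lead that still needs the file pulled and hashed.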