Rewterz Threat Alert – LODEINFO Malware
June 15, 2020
Severity
Medium
Analysis Summary
Twelve applications are being used to distribute the Anubis and SpyNote malware, which steal banking and personal information. Affected countries include Armenia, India, Brazil, Colombia, Indonesia, Iran, Italy, Kyrgyzstan, Russia, and Singapore. The applications are modeled after legitimate apps, in this case coronavirus-themed ones. On launch, the application asks the user to enable accessibility services. Once enabled, it runs in the background and hides its icon from the application drawer. Its primary functions are accessing SMS, GPS and location data, and contacts, capturing photos, and abusing other functions of the infected device. After hiding itself, the malware installs the legitimate application it impersonates.
Anubis is a banking trojan that uses overlays to steal credentials and gives the operator access to the infected device, whereas SpyNote requests SMS, GPS and location data, contacts, photo capture, and other device functions.
Impact
- Credential theft
- Exposure of sensitive data
- Financial loss
Indicators of Compromise
MD5
- c448ae9ad80f088e9296f08a114605e2
- 66b3529f7589cac62960bfacc9dbc5f4
- 0ba9d47e0d9fa0b6db4f397a34f7efab
SHA-256
- 1d94952245f517602227938a26c498006143d7b8a92dd259f595715255b99ade
- 885d07d1532dcce08ae8e0751793ec30ed0152eee3c1321e2d051b2f0e3fa3d7
- 41bb86666543349bbf82e157b4d69a893f9b9c0fd37a8dce59048d8e000af3d6
- add9a29ee75b55ec8d6d7ee4f5119084edbeb3db04cbcce0af30c28758182296
- 8b8dfb8fa7c313d9d7c1b1a67646abdb54d8cfd18773b136a10f191ca27098fc
- d7fc4377b7a765d6bc3901d0de01008095965d02062fda3707957163afe8884d
- a03fe22f32b683a34c452a74fbc8e78f5f33132332149fe726945397c37d37a6
- e6786770a2a81ce798178f4eef4ae2290dfb1977ba5ced8cdbd01ddca3fadd17
- a76bb2e56079dca73d759cdae9857cd5626c200785f004e492f60ce52784f745
- cafc2a8e3dc818de9bb5b0eff1a9983426e5db9cc8c0d42905cefeb99b442099
- a891a9f77671623f6c397a03bc9ec7effc362a56e6f2ebb22967eeb6e4e9a14d
- a9eaea748420a5f832a208b35be7107b5fef389a844c0659688466d3a8fd3eb6
- 090b5fb792b62225df6ca55fac2d96b630d596a61b7071009e0084056d04240a
- be2a9bbdb89e48b5eadc52830d6f92dc4355adc2bc95d5ac5d6748fee68acf1c
Remediation
- Block all threat indicators at your respective controls.
- Only download legitimate, recommended applications from the Google Play Store.
- Search for IOCs in your existing environment.
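One way to carry out the last remediation step, as an added example that is not part of the Rewterz alert: a Python script that parses the hash indicators listed above straight out of the alert text, then hashes every APK under a directory in one streaming pass and reports any file whose MD5 or SHA-256 is on the list. The directory layout, the `.apk` extension filter and the constructed sample file in `demo()` are assumptions; the hashes are the ones published in the alert.

```python
"""Scan a directory tree for files whose MD5 or SHA-256 matches the alert's IOC list."""
import hashlib
import os
import re
import shutil
import tempfile
from typing import Dict, List, Set

# Indicator section copied from the alert above; any '- <hex>' line is treated as a hash.
ALERT_IOCS = """
MD5
- c448ae9ad80f088e9296f08a114605e2
- 66b3529f7589cac62960bfacc9dbc5f4
- 0ba9d47e0d9fa0b6db4f397a34f7efab
SHA-256
- 1d94952245f517602227938a26c498006143d7b8a92dd259f595715255b99ade
- 885d07d1532dcce08ae8e0751793ec30ed0152eee3c1321e2d051b2f0e3fa3d7
- 41bb86666543349bbf82e157b4d69a893f9b9c0fd37a8dce59048d8e000af3d6
- add9a29ee75b55ec8d6d7ee4f5119084edbeb3db04cbcce0af30c28758182296
- 8b8dfb8fa7c313d9d7c1b1a67646abdb54d8cfd18773b136a10f191ca27098fc
- d7fc4377b7a765d6bc3901d0de01008095965d02062fda3707957163afe8884d
- a03fe22f32b683a34c452a74fbc8e78f5f33132332149fe726945397c37d37a6
- e6786770a2a81ce798178f4eef4ae2290dfb1977ba5ced8cdbd01ddca3fadd17
- a76bb2e56079dca73d759cdae9857cd5626c200785f004e492f60ce52784f745
- cafc2a8e3dc818de9bb5b0eff1a9983426e5db9cc8c0d42905cefeb99b442099
- a891a9f77671623f6c397a03bc9ec7effc362a56e6f2ebb22967eeb6e4e9a14d
- a9eaea748420a5f832a208b35be7107b5fef389a844c0659688466d3a8fd3eb6
- 090b5fb792b62225df6ca55fac2d96b630d596a61b7071009e0084056d04240a
- be2a9bbdb89e48b5eadc52830d6f92dc4355adc2bc95d5ac5d6748fee68acf1c
"""

HEX_RE = re.compile(r"^[0-9a-f]+$")


def parse_ioc_text(text: str) -> Dict[str, Set[str]]:
    """Extract hash indicators from alert text; 32 hex chars = MD5, 64 = SHA-256, anything else is skipped."""
    iocs: Dict[str, Set[str]] = {"md5": set(), "sha256": set()}
    for line in text.splitlines():
        token = line.strip().lstrip("-").strip().lower()
        if not HEX_RE.match(token):
            continue
        if len(token) == 32:
            iocs["md5"].add(token)
        elif len(token) == 64:
            iocs["sha256"].add(token)
    return iocs


IOCS = parse_ioc_text(ALERT_IOCS)


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """MD5 and SHA-256 of one file, computed in a single streaming pass so large APKs need not fit in memory."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def match_iocs(digests: Dict[str, str], iocs: Dict[str, Set[str]] = IOCS) -> List[str]:
    """Names of the IOC sets the digests hit ("md5", "sha256"); an empty list means no match."""
    return [algo for algo in ("md5", "sha256") if digests[algo].lower() in iocs[algo]]


def scan_tree(root: str, iocs: Dict[str, Set[str]] = IOCS, extensions=(".apk",)) -> List[Dict[str, object]]:
    """Walk root, hash files with the given extensions, and return one record per IOC hit."""
    findings: List[Dict[str, object]] = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if extensions and not name.lower().endswith(tuple(extensions)):
                continue
            path = os.path.join(dirpath, name)
            try:
                digests = hash_file(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the whole scan
            hits = match_iocs(digests, iocs)
            if hits:
                findings.append({"path": path, "matched": hits, **digests})
    return findings


def demo() -> Dict[str, object]:
    """Offline run on a constructed file: clean against the alert IOCs, flagged once its own
    SHA-256 is added to a copy of the IOC set (stand-in for a real match)."""
    root = tempfile.mkdtemp(prefix="ioc_scan_")
    try:
        sample = os.path.join(root, "covid_tracker.apk")  # constructed file, not a real sample
        with open(sample, "wb") as fh:
            fh.write(b"constructed sample content, not malware")
        digests = hash_file(sample)
        clean = scan_tree(root)
        seeded = {"md5": set(IOCS["md5"]), "sha256": IOCS["sha256"] | {digests["sha256"]}}
        flagged = scan_tree(root, seeded)
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return {"clean_hits": len(clean), "seeded_hits": len(flagged),
            "seeded_matched": flagged[0]["matched"] if flagged else []}


if __name__ == "__main__":
    print(demo())
```

Point `scan_tree` at an APK archive or a mobile device backup export and feed its findings to your ticketing or SIEM pipeline; comparing in lower case means hashes pasted from vendor reports in upper case still match.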