Rewterz Threat Alert – DanaBot Trojan – Active IOCs
June 7, 2021
Rewterz Threat Alert – Lokibot Malware – Active IOCs
June 7, 2021
Severity
Medium
Analysis Summary
An Android SMS worm is impersonating free registration for the Covid-19 vaccine, targeting users in India. It spreads through text messages: the malware sends SMS to the victim's contacts with links to download it. The malware uses several names, such as Covid-19 vaccine, Covid-19 vaccine registration, Vaccine Register and My-Vaci, among others. Recently, the Indian Computer Emergency Response Team (CERT-In) issued a fresh advisory to warn citizens about fake CoWin vaccine registration apps that are spreading through SMS (smishing). CERT-In mentioned that fake messages are in circulation through SMS that falsely claim to offer an app that lets users register for the COVID-19 vaccine in India. While the exact wording of the SMS may differ from time to time, the SMS tells users to click the link in the message to download an app or APK file onto their Android phone and install it.
Impact
- Information theft
- Exposure of sensitive data
Indicators of Compromise
Filename
- Covid-19 vaccine
- Covid-19 vaccine registration
- Vaccine Register
- My-Vaci
- CoWin vaccine registration apps
MD5
- e9eb39d8880a1a04acc538bb717dc337
SHA-256
- 5522a7cc358b4193eac53e620d3baa47f385a04bf3d15d1850076cce9456d5f4
SHA-1
- 13944686c0d6eef8be486306fe8645e2f33c131f
Remediation
- Always download applications from verified sources.
- Pay attention to the permissions an application requests before granting them.
- Disable installation of apps from unknown sources by unchecking that option in the security settings.