November 25, 2021

Severity
Medium
Analysis Summary
A new Android malware known as MasterFred uses fake login overlays to steal the credit card information of Netflix, Instagram, and Twitter users. First seen in June 2021, the banking trojan is active again as the holiday season approaches. It also targets the customers of several banks, using overlays in multiple languages, and at this point its victims are mainly in Turkey and Poland. At least one application carrying it was removed from the Google Play Store, but MasterFred's operators are also likely using third-party stores as a delivery channel for this malware.

MasterFred abuses the Android Accessibility service to collect sensitive information, such as credit card details, through more than 10 fake bank pages, and to compromise more than 8 social-network accounts (Netflix, Twitter, etc.) through false login pages. The HTML overlays for common apps, as well as the fake bank login overlays in multiple languages, are stored in the assets folder inside the application package.
Impact
- Data exfiltration
- Financial loss
Indicators of Compromise
MD5
- ee7fc9050bb9d6e55876be4925d20411
- 0f1ebd5895153c14602984235974ee30
SHA-256
- ce0f20f0c1283fd0e29a5b6a4bd2a44c6a1968b0e7553386bf1e7c88ffce5427
- 7660c207aff4f7855a5f9667d7dbc05d9bc9c57107712337e139e188cecfebb1
SHA-1
- fd323c204a44f513cc084a152b2a11528d7db1b4
- d6128e53c3e9d961a95a5559029ed2c7f484c7e5
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
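The two remediation steps above, together with the analysis summary's description of how MasterFred is built (HTML overlay pages shipped under `assets/` plus a declared Accessibility service), can be turned into a quick offline triage script. The following is an added example written for this page, not code from Rewterz or from the malware; it hashes a candidate APK and compares it with the MD5/SHA-1/SHA-256 values listed above, then looks for the structural traits described in the summary. The Accessibility-service check is a byte search over the binary `AndroidManifest.xml` for the permission and intent-action strings in both UTF-8 and UTF-16LE (the two encodings Android's binary XML string pool uses), which is a heuristic, not a full manifest parser. The sample APK built by `build_sample_apk()` is constructed for the example and is not a MasterFred sample.

```python
import hashlib
import io
import re
import zipfile

# Hashes from the alert's Indicators of Compromise section (lowercase hex).
ALERT_HASHES = {
    "md5": {
        "ee7fc9050bb9d6e55876be4925d20411",
        "0f1ebd5895153c14602984235974ee30",
    },
    "sha1": {
        "fd323c204a44f513cc084a152b2a11528d7db1b4",
        "d6128e53c3e9d961a95a5559029ed2c7f484c7e5",
    },
    "sha256": {
        "ce0f20f0c1283fd0e29a5b6a4bd2a44c6a1968b0e7553386bf1e7c88ffce5427",
        "7660c207aff4f7855a5f9667d7dbc05d9bc9c57107712337e139e188cecfebb1",
    },
}

# Strings a manifest must contain to register an Accessibility service:
# the permission on the <service> and the intent-filter action it handles.
ACCESSIBILITY_MARKERS = [
    b"android.permission.BIND_ACCESSIBILITY_SERVICE",
    b"android.accessibilityservice.AccessibilityService",
]

# Field names typical of credential / card-harvesting overlay forms.
OVERLAY_KEYWORDS = re.compile(
    rb"(password|passwd|card ?number|cvv|cvc|expir|login|iban)", re.I
)


def file_hashes(data: bytes) -> dict:
    """MD5, SHA-1 and SHA-256 of a blob, keyed like ALERT_HASHES."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def matches_alert_iocs(data: bytes) -> dict:
    """Return the subset of the blob's hashes that appear in the alert."""
    return {alg: h for alg, h in file_hashes(data).items() if h in ALERT_HASHES[alg]}


def contains_marker(blob: bytes, marker: bytes) -> bool:
    """Binary AXML stores its string pool as UTF-8 or UTF-16LE; check both."""
    return marker in blob or marker.decode().encode("utf-16-le") in blob


def triage_apk(data: bytes) -> dict:
    """Hash-match the APK and look for the overlay + Accessibility traits."""
    findings = {
        "iocs": matches_alert_iocs(data),
        "accessibility_markers": [],
        "overlay_assets": [],
    }
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if "AndroidManifest.xml" in names:
            manifest = zf.read("AndroidManifest.xml")
            findings["accessibility_markers"] = [
                m.decode() for m in ACCESSIBILITY_MARKERS if contains_marker(manifest, m)
            ]
        # Overlay pages shipped as HTML under assets/ (as described for MasterFred).
        for name in names:
            if name.startswith("assets/") and name.lower().endswith((".html", ".htm")):
                hits = sorted({h.decode().lower() for h in OVERLAY_KEYWORDS.findall(zf.read(name))})
                if hits:
                    findings["overlay_assets"].append((name, hits))
    # Either trait alone is common in benign apps; the combination is the signal.
    findings["suspicious"] = bool(findings["accessibility_markers"] and findings["overlay_assets"])
    return findings


def build_sample_apk() -> bytes:
    """Constructed test APK (a zip) mimicking the described layout; not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Fake binary manifest: AXML-like header followed by a UTF-16LE string pool entry.
        zf.writestr(
            "AndroidManifest.xml",
            b"\x03\x00\x08\x00"
            + "android.permission.BIND_ACCESSIBILITY_SERVICE".encode("utf-16-le"),
        )
        zf.writestr("assets/netflix.html",
                    b"<form><input name='email'><input type='password' name='password'></form>")
        zf.writestr("assets/bank_pl.html",
                    b"<form><input name='cardnumber'><input name='cvv'></form>")
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_apk()
    for key, value in triage_apk(blob).items():
        print(f"{key}: {value}")
```

Run it with a path to an APK to hash-match it against the alert and list the overlay pages it carries; with no argument it runs against the constructed sample. A hash match is conclusive for the listed samples only; the structural check is meant to surface repackaged variants with different hashes and should be followed by proper decompilation (apktool, jadx) of anything it flags.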