logo_SVG-01
✕
  • Platform
    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    • Managed Security Services
    • Managed Penetration Testing
  • Services
    • Assess
      • Compromise Assessment
      • Advanced Persistent Threats Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      • SOC Maturity Assessment
      • SOC Model Evaluation
      • SOC Gap Analysis
      • SIEM Gap Analysis
      • SIEM Optimization
      • SOC Content Pack
    • Train
      • Simulated Cyber Attack Exercise
      • Tabletop Exercise
      • Security Awareness and Training
    • Respond
      • Incident Analysis
      • Incident Response
  • Solutions
  • Resources
    • Blogs
    • Press Releases
    • Threat Insights
      • Threat Intelligence Reports
      • Threat Advisories
      • Monthly Threat Insights
  • Why Rewterz?
    • About Us
    • Careers
    • Contact
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Alert – Rogue RAT used for Android Device Takeover, Data Theft and Malware Delivery

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 17, 2023
    March 17, 2023
    Rewterz Threat Advisory – ICS: Multiple Schneider Electric IGSS Vulnerabilities
    Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]
    March 17, 2023
    March 17, 2023
    Rewterz Threat Alert – Chaos Ransomware – Active IOCs
    Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]
    March 17, 2023
    March 17, 2023
    Rewterz Threat Advisory – Multiple Adobe ColdFusion Vulnerabilities
    Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
logo_SVG-01
  • Platform
    xdrLogo
    center_new
    Read More about XDR

    Platform

    • Rewterz XDR
    • Rewterz Defense
    • Rewterz Threat Intelligence
    Rewterz Threat Alert – Rogue RAT used for Android Device Takeover, Data Theft and Malware Delivery

    Managed Security Services

    • Managed Security Monitoring
    • Remote SOC
    • Onsite SOC
    • Hybrid SOC

    Managed Penetration Testing

    Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.

  • Services

    Assess

    • Compromise Assessment
    • APT Assessment
    • Penetration Testing
    • Architecture Design & Review
    • Red Team Assessment
    • Purple Team Assessment
    • Social Engineering
    • Source Code Review

    Transform

    • SOC Consultancy
    • SOC Maturity Assessment
    • SOC Model Evaluation
    • SOC Gap Analysis
    • SIEM Gap Analysis
    • SIEM Optimization
    • SOC Content Pack

    Train

    • Simulated Cyber Attack Exercise
    • Tabletop Exercise
    • Security Awareness and Training

    Respond

    • Incident Analysis
    • Incident Response
  • Solutions
  • Resources

    Resources

    • Blog
    • Press Releases
    March 17, 2023
    March 17, 2023
    Rewterz Threat Advisory – ICS: Multiple Schneider Electric IGSS Vulnerabilities
    Severity High Analysis Summary CVE-2023-27984 CVSS:7.8 Schneider Electric IGSS could allow a remote attacker to execute arbitrary code on the system, caused by improper input validation […]
    March 17, 2023
    March 17, 2023
    Rewterz Threat Alert – Chaos Ransomware – Active IOCs
    Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]
    March 17, 2023
    March 17, 2023
    Rewterz Threat Advisory – Multiple Adobe ColdFusion Vulnerabilities
    Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]

    Threat Insights

    16
    pdf-file (1)
    Annual Threat Intelligence Report 2022
    • Threat Advisories
    • Monthly Threat Insights
    • Threat Intelligence Reports
  • Why Rewterz?

    About Us

    Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.

    Read More

    play_btn_Smallplay_btn_hover_Small
    leadership

    Our Leadership

    Our leadership team brings together years of knowledge and experience in cybersecurity to drive our company's mission and vision. Our team is passionate about delivering high-quality products and services, leading by example and assisting our clients in securing their organization’s environment.
    help

    CSR

    At Rewterz, we believe that businesses have a responsibility to impact positively and contribute to the well-being of our communities as well as the planet. That's why we are committed to operating in a socially responsible and sustainable way.

    Connect with Us

    • Contact
    • Careers
Get in Touch
Rewterz
Rewterz Threat Alert – New Android spyware targets users in Pakistan
January 14, 2021
Rewterz
Rewterz Threat Alert – JavaScript RAT Targeting Asian Government and Financial Sector
January 15, 2021

Rewterz Threat Alert – Rogue RAT used for Android Device Takeover, Data Theft and Malware Delivery

January 14, 2021

Severity

Medium

Analysis Summary

As remote work continues, remote collaboration platforms are being targeted by cyber criminals. Meanwhile, other platforms are being used on smartphones to transfer data securely. In the midst of this, a Rogue RAT trojan is being used to steal data from android devices, to deliver further payloads and to takeover the device remotely. Researchers detail Rogue RAT which exploits Google’s Firebase development platform, targets Android devices to exfiltrate personal data and can deliver other malware, which provides even low-level cybercriminals with the ability to read your messages, steal your passwords, and even record your calls. A new combination of two older types of malware, which provides hackers with access to almost everything a user does on an Android smartphone, is up for sale on underground forums for as little as $29.99. The ‘Rogue’ remote administration tool (RAT) infects victims with a keylogger, allowing attackers to easily monitor the use of websites and apps in order to steal usernames and passwords, as well as financial data. Once a hacker uses the Trojan, portrayed to victims as a legitimate app, to infect a device, the malware can exfiltrate data, such as photos, location information, contacts and messages. It also can download additional malicious payloads, including mobile ransomware. Moreover, when Rogue successfully gains all of the required permissions on the targeted device, it hides its icon from the device’s user to ensure it will not be easy to get rid of it. If all of the required permissions are not granted, it will repeatedly ask the user to grant them. If the user tries to revoke the admin permission, an onscreen message designed to strike terror in the heart of the user appears: ‘Are you sure to wipe all the data?’ The Rogue RAT takes advantage of a targeted device’s Android Accessibility Services, which are designed to assist users with disabilities. These services generally run in the background but can access apps and other components within an Android device. By accessing these services, hackers can gain control over a device without the victim knowing.

Impact

  • Credential Theft
  • Data Exfiltration
  • Device Takeover

Indicators of Compromise

Hostname

  • bald-panel[.]firebaseio[.]com
  • hawkshaw-cae48[.]firebaseio[.]com
  • spitfirepanel[.]firebaseio[.]com
  • phoenix-panel[.]firebaseio[.]com

MD5

  • 9d8ae4d9ad837a7ce156eb4102faf5ad
  • 19049050f5839625675b455449404016
  • 09e3f63fe85169741c87083f00627668
  • 967fb19666c70ab06cfcab14e67eea03
  • 0dcfcd54e615730080549762096ca2b5
  • ff57db66437032e18b7f2bf009beb52d
  • 433831f94ab3400cab8ed4940322c7f4

SHA-256

  • fa7fcbf01a252e1f0d3028512e5d58ab18674bc415d4956e28d1e3fea835d724
  • f47d06ddf3525e244f5d58e9c3ea5f1977845c917b84fca28363d1797d70715e
  • e2f611c47efd760a41090293792ad8ebe6ae972c75fe136639c4cc98561b4e98
  • e0e1fb9d914d0626c4e7b4999afdd02f070cea1bc5a446f7073566d94493161f
  • dfd18ac31b4b90ac72649de6ed663fa2fd8719606cd4da7126098e58288693ce
  • d910ff3e1ff1c8355d603113dfdf6de3859e206bdd704b83a75c7efb7ab7a594
  • cf519a751ea25f59f99d7f90dfba82c109b11725fe9cbeb479c3ec358f124e99
  • cb1cbb2cadb2f265b38fae9bad0d622cdf4d7c071924a0346679fb3decafa95c
  • caa38f6ae2969e885757ff0cfce69b7981d4c115740f12cd18b4088b47a97dee
  • c2893c0cdb3e67f3052fe3f819f03f5d52610d0904dad11aa353db202ead6c00
  • bcd53e2e363daf5eb719c0892d49d15261189fe8711adc9ad40fcbe646956622
  • b93ba6614762120f200efdee98ba2f5f3f3f55f152279c70422d2014f770cf8e
  • b790affd3fc6591779fa0c06f6c8e47fbc1b2b76399842f12fbd792edb8bb98c
  • af89e25c4add8bc5a5d5cd1a16479ecd8f40577766d8ea8e42eb6bcae7d3ba9d
  • ae3afac1ddbf6853845c8a62f9adaaa5ea872141da2dd8be5a6d61b84bf1da9a
  • a4058e6e6f81ec4c8bb234b5df11ad9b459221cc7d1b0acba733ffd6e1f1f930
  • a1002512a86d7af9c4fd5579f87baee7d377e84373cae475a83beb9438eb17e7
  • a08db81e33f978da7b540228d04ddce47f447b4501b9f70fba46f5acf74e038a
  • 9eb556a52bf26e284a6c333f09d576e61fad9f76d4d4b7abb86cfe099108b8a0
  • 974615a4902d920895b4fe03e4f987f56471f003daf82d2930c9fdbdc56bc048
  • 928cdc76250852b5161ca0ca418b82cf3033e1b21d419a9654a29a68b43e4aa5
  • 901c93ee5bc2a474c20379bd07eac08cc27266a39b3b6b563c0ffa7dfcebec88
  • 82c07ab7460204b60e4cd4c2f5e263db538e128382341f8dfa727800d3e0c980
  • 7bea11940ef818db0b3284c5e6b651e8551b5f2662808e3c48e2e92a55156ff3
  • 7a6c738f4bdecffcbfa8a29eae1091876f34d9c91cd21b51a7e51896a69be3ac
  • 734c9146be56c9c1e1abb7dfa533d8ebec77ceae8550d7918dd7e38e4f4dc721
  • 72c60de4ae67237bbcdc8d9bdda38c2374cb0d4a1364239ecb9ef4992a6253e2
  • 71cc0cd5979cce2ee72073e81c47262465fd8158d10a7d29cd86cae6ffa12607
  • 6e89e0e52fec1bff8175742570d9a40cb32be6c869e885077db9b13b1e39ef80
  • 6ad406fa29e2f327d9672e1f8578d89aa1f1cc242c7a9ee83ede3cebd313ca09
  • 64905ad7b0f635efb0402d57d0b0d7d31832ca66afac2fe17379877004a32e73
  • 62078c7099dd3485b45ac8bec8fcecbc2662f6c21d3b309dc7a865df6a822794
  • 5de7799e1d95daaaceb6e158dfb27e44fd93021c7676f728b0e157e1bd2099c7
  • 5a8de8e601fb1577321ded7475b28f8c72157bb6bcf2857c99cbc7a39489c71a
  • 4e0bcfc83f8a2714acbf1725262827ec17f61c5826cd5cf0837d1642fdc5b25e
  • 4d24880ac70f7d7b3997316ca01854413de0d8df5bb30ce757280a28713ae7e4
  • 4ad6b698cfd2af542fca2316b94e1f213025d48e0895f1a127dec789c4b4dded
  • 49b353ac2ba897672644ea6aff8edc69ac7fc195b96c069c338f7da588674871
  • 4478a2e8a952529bbe1bf0a1f1d98f197ff1717f1dab1635cfe151c4771d3561
  • 41ad6c0c6eb93877adb8a319520bba43a334cae463379feccb5b6df3bb94b530
  • 4105f8c46caa7b715d003a8d39ecf2d22b107000961a232538766830a741657b
  • 3ead4a167d118105164e9c13de0fa14d06ea0dc32d02c861bde4c8bef4e0bd07
  • 3dc2f2a200630294fc0af904ddf611f9ecfe8a4c65899aff8d6b56aed53177f8
  • 36ebc45ee083d8478372916a7d9bf4f7f26bdd1cd8f10765ec6e375bf73962f4
  • 2beb5e9d9ba93acc1d5f858c3e4fdeee04e0741eb44ab0a3a5a98ce2687f38a7
  • 28a74b00f590cc85578dad296271ed0a91225b876c088a4fae2a7e9d06636347
  • 1f5850b3a38df372cc40987b376cbf093ed5dd5d9e99e3ead61b24aa8cc82976
  • 10988044a6db87ff8a526aa4a5004c9fafb8631d4373bf3e7ec76e5e47690eb9

SHA1

  • 01345bb385d48cc102bc49a89164ab335ce87109
  • 27bf41aaae857a13492f337db585bf6e764e5a76
  • 4a2aa645419cb882ce324d4bd3bad75a973c3cf7
  • b892b1b6ae7838252478f13aa512b64bf0b1e3ee
  • 1adfad6a85f75ff215c96f19a186cea2558a855e
  • a4348af90b3343111ff666299f08058946b06666
  • 9a50a50f15ce38f57893758c1fd9a09ec97acadf

Remediation

  • Block the threat indicators at their respective controls.
  • Be careful when granting permissions to applications.

Platform

  • Rewterz XDR
  • Rewterz Defense
  • Rewterz Threat Intelligence

Managed Security Services

  • Managed Security Monitoring
  • Remote SOC
  • Onsite SOC
  • Hybrid SOC

Assess

  • Compromise Assessment
  • APT Assessment
  • Penetration Testing
  • Architecture Design & Review
  • Red Team Assessment
  • Purple Team Assessment
  • Social Engineering
  • Source Code Review

Transform

  • SOC Consultancy
  • SOC Maturity Assessment
  • SOC Model Evaluation
  • SOC Gap Analysis
  • SIEM Gap Analysis
  • SIEM Optimization
  • SOC Content Pack

Train

  • Simulated Cyber Attack Exercise
  • Tabletop Exercise
  • Security Awareness and Training

Respond

  • Incident Analysis
  • Incident Response

Threat Insights

  • Threat Advisories
  • Monthly Threat Insights
  • Threat Intelligence Reports

Resources

  • Blog
  • Press Releases

Connect With Us

  • Contact
  • Careers
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.
Get a Demo