Severity
High
Analysis Summary
APT-C-27 also known as GpldMouse threat group. he APT group is reportedly targeting the Middle East region. Android devices are targeted – The researchers also detected multiple samples designed to target Android devices. Multiple related Android samples with C2 205.251.145[.]29 295.yao[.]cl 94.177.251[.]146 have been found. Those recent Android backdoors are disguised as commonly used applications such as Android system. Once these false ‘HD.APK’ files are downloaded on the device, attackers use the C2 server to capture details such as GPS Positioning and perform tasks like recording and photographing from the device.
Impact
- File recording
- Information theft
- Exposure of data
Indicators of Compromise
Filename
- HD[.]apk
IP
- 205[.]251[.]145[.]29
- 94[.]177[.]251[.]146
MD5
- 14d9cea1080b4ef3e41329d7fb84f70b
SHA-256
- 621741a6bd764a7e0af6294dc209e645cc4b958fd68c0b12760c9cad2e019328
SHA1
- eb3499938fa32d1cdcef3529e5d90146e6fe3a96
URL
- http[:]//chatsafe[.]tecnova[.]com[.]br/Super/HD[.]apk
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.
- Always download legitimate updates from the play store.