Rewterz

Rewterz Threat Alert – APT C-23 Active in Middle East

November 30, 2020
Rewterz

Rewterz Threat Alert – Alert on Gozi Banking Trojan

November 30, 2020

Rewterz Threat Alert – Adobe Flash Malicious APK

Severity

High

Analysis Summary

Threat actors have been dropping malicious Adobe Flash player APK to users to exfiltrate data and rob users off from there sensitive information. The filename of the malicious apk is Adobe Flash 2020 to make it more legitimate. The malicious APK has the images of the guideline of how to install Adobe Flash Player. When users opt to download and install the said fake app, the site connects to another URL to download malicious.

Image
Image

Impact

  • Data breach
  • Exposure of sensitive data 

Indicators of Compromise

Filename

  • Adobe_Flash_2020[.]apk

MD5

  • 0b7018e42a1aa85669aeed0d60a8bb80

SHA-256

  • 86d2ceb1e5c9496f4e64192232168ba6e80630211c715e2e9987b7ea19df7629

SHA1

  • ac56bdcadb912cda0289bc5c867358b2dc2bcee7

URL

  • https[:]//online-menu[.]net/media/lading/lading/%20-
  • https[:]//online-menu[.]net/media/lading/lading/download[.]php%20->
  • https[:]//online-menu[.]net/media/lading/lading/Adobe_Flash_2020[.]apk

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.
  • Block access to malicious sites.
  • Adobe Flash Player can be downloaded via Play store and official Adobe website. 

Reading this advisory was a good start.

Make it a habit.

Rewterz publishes threat advisories ahead of mainstream cybersecurity media, informed by an AI-Native Autonomous SOC that sees regional threat actor activity in real time. Subscribe to receive each new advisory as it publishes, plus a monthly Middle East threat landscape brief drawn from our own SOC telemetry. For teams evaluating their detection coverage, a 30-minute consultation with a senior analyst is also available, at your pace, when you're ready.