July 9, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – Latest Emotet IOCs
July 7, 2020Rewterz Threat Alert – Banking Trojan Cerberus is on Google Play Store
July 7, 2020Rewterz Threat Alert – Latest Emotet IOCs
July 7, 2020Rewterz Threat Alert – Banking Trojan Cerberus is on Google Play Store
July 7, 2020
Severity
Medium
Analysis Summary
FakeSpy is Android information stealing malware that is known to have been in the wild since at least late 2017 and was initially used to target East Asian countries.Researchers have been investigating a campaign that has been sending SMS messages that contain a download link to an app. A victim would need to allow downloading of apps from third-party stores for the app to be installed. The app masquerades as a legitimate app belonging to postal and transportation services. Once installed the app will began providing information from the victim device to the its C&C servers. It will also send an SMS message containing a link to download the app, to all contacts in the device’s contact list. Cybereason notes that FakeSpy utilizes anti-emulation techniques and will behave differently if run in an emulated environment and that FakeSpy is being actively and frequently updated. The operator behind the campaigns is likely to be the Chinese threat actor group.
Impact
- Information theft
- Exposure of sensitive data
Indicators of Compromise
SHA1
- ad1ad43fdb2f6759b1a32b47dea41cd98afd74f6
- 00e26db52f692c5bea849f92a137991da484f907
- 7456e4ae32d574273656ce2350b28a745a33f806
- 6165039d703b74a99c0640950305e62cc88412d8
- f4524e97b979a59a56c4414f1835e236ce460a93
- 558575c4357295acf08d49df3fb85da42829e2ed
- 81ffd6e272d9b141530f8d3a52bbd2942c77fc0d
Remediation
- Block all threat indicators at your respective controls.
- Always download applications which are recommended and legitimate.