Rewterz Threat Alert – WebMonitor RAT Bundled with Zoom Installer

May 4, 2020

Rewterz Threat Alert – Fake Microsoft Team Alerts/Office 365 Phishing Campaign

May 5, 2020

Rewterz Threat Alert – Android SLocker Variant Uses Covid 19 to Take Android Hostage

May 5, 2020

Severity

Medium

Analysis Summary

An application named “Koronavirus haqida”, threat actors have begun looking for ways to take over mobile devices. The end result is being locked out of the affected device. As with other malicious applications, this is downloaded from outside official sources. Once installed, the application locks the screen and displays a ransom note. The ransom note includes a time limit by which to pay the ransom. The time limit is a false flag as the code contains nothing that enforces that limit. The device is genuinely locked and the malware survives a reboot. In newer versions of the Android OS (8.0 and above), the keys on the device are not locked, however, the user is still unable to manually uninstall the software. Should the victim attempt to circumvent the protection, the device will display a message stating that functionality will be restored upon payment. The malware can be removed via Android Debug Bridge or booting into safe mode. Should the victim pay the ransom, they will be able to uninstall the software through regular uninstall means. The malware has been reported in Ukraine, Russia, and certain countries in Central Asia such as Kazakhstan and others.

Impact

Locks out users from their device

Indicators of Compromise

MD5

6e3d57271a1c0e8e79c88d15f3897bab
698aa564ba543d8b0bb247471554672b
1dfc2e6f96727ab1bb37bc5ac303dc62
8fc2e3254eabdfceee843c6bc3367f6c
c89cd578e2a647671ce7254d3fab41dc

SHA-256

6af2b15d3b7d3fe5c1f14282480ec0624664700d66346a3e99ac69f061b30ed7
3cf9bcbd77f332f52f541737ec847dad023cd13bea0f2c8fd5fccaa75ef80d1c
0ee5a69ef20c65df3197af958d4522f6b596ec823ac73823df72db90f12ae05b
1e3e7a7c394d9f84d6a8e6bae55e46b794852ef9bce226c89f619632111e5d6d
aaea4d646d4ee28ced9ca87e642b5e318597be7c8756ce9c14efdb9bcf1910a2

SHA1

ce19e85e158c70231460fac34528885a958c5260
cb1eac882cd9b34f197fbee2faa8948f67891fd6
4101e06fa53fa532b171e3a769618095f576fa58
256cf66e7c500ac190efd00d8832efc218b53c6e
9819000c23e117e3308e67cade33bc019210d938

Remediation

Block all threat indicators at your respective controls.
Always download legitimate applications from the playstore.

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

SuperCard X Malware Exploiting NFC for Financial Fraud – Active IOCs

Zoom Remote Control Feature Exploited to Gain Access

Microsoft Entra Account Lockouts Triggered by Token Logging Error

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – WebMonitor RAT Bundled with Zoom Installer

Rewterz Threat Alert – Fake Microsoft Team Alerts/Office 365 Phishing Campaign

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.