This info-stealing malware is hiding in downloads for popular apps — how to stay safe
Downloading new apps on your computer is usually a simple and straightforward process, but you now need to be extra careful when doing so as hackers have begun impersonating popular apps to spread malware.
According to a new blog post from the cybersecurity firm Cyble, hackers have begun using phishing pages designed to impersonate a number of popular apps online. While a user may think they’re downloading a widely used app, they’re actually installing malware on their computer.
On January 16, the firm’s researchers discovered a phishing site that was impersonating a popular chat app. The very next day, the same phishing site had been transformed to mimic the site of the remote desktop tool TeamViewer. This shows that the hackers behind the campaign are actively changing and customizing their phishing sites to target a number of popular apps.
Once a user clicks the download button on these phishing sites, malware named “messenger.exe” and “teamviewer.exe” is downloaded onto their PC. However, the hackers behind this campaign are using a clever trick to bypass the best antivirus software: they’re padding these downloads with extra zeros to increase their file size. This helps their malicious executables bypass security checks, as larger software can be harder for antivirus software to detect.
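A simple triage check for the zero-padding trick described above, added here as an example (it is not code from Cyble or from the article): it counts the run of null bytes at the end of a file and flags the file when that run is both large and makes up most of the file. The thresholds and the sample bytes are assumptions constructed for the demonstration; legitimate binaries carry some alignment padding, so tune them against your own baseline.

```python
import os
import tempfile

# Constructed sample, not a real binary: 2 KiB of varied bytes followed by
# 64 KiB of 0x00, imitating an executable inflated with zero padding.
SAMPLE = bytes(range(256)) * 8 + b"\x00" * (64 * 1024)


def trailing_zero_run(path: str, chunk: int = 1 << 20) -> int:
    """Count the 0x00 bytes at the end of a file, reading backwards in
    chunks so a padded multi-hundred-MB file is never loaded whole."""
    size = os.path.getsize(path)
    run, pos = 0, size
    with open(path, "rb") as f:
        while pos > 0:
            step = min(chunk, pos)
            pos -= step
            f.seek(pos)
            block = f.read(step)
            stripped = block.rstrip(b"\x00")
            run += len(block) - len(stripped)
            if stripped:  # reached a non-zero byte: the trailing run ends here
                break
    return run


def padding_report(path: str, min_run: int = 16 * 1024,
                   min_fraction: float = 0.5) -> dict:
    """Flag a file whose trailing null padding is large in absolute terms
    and also a large share of the whole file (assumed thresholds)."""
    size = os.path.getsize(path)
    run = trailing_zero_run(path)
    fraction = run / size if size else 0.0
    return {
        "size": size,
        "trailing_zero_bytes": run,
        "zero_fraction": round(fraction, 3),
        "suspicious": run >= min_run and fraction >= min_fraction,
    }


def demo() -> dict:
    """Write the constructed sample to a temp file and report on it."""
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(SAMPLE)
        path = f.name
    try:
        return padding_report(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```

Run `padding_report()` against a quarantined download to see how much of its size is trailing zeros; a real binary this heavily padded is worth a closer look regardless of what the scanner said.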
Aurora malware
In this case, the malware being distributed is the Aurora infostealer which, as the name suggests, can collect all kinds of sensitive data from the browsers, browser extensions, crypto wallets and user directories on an infected machine. Surprisingly, the malware can also extract data from Telegram if a user has the desktop app installed.
Once all of this sensitive information — including passwords — is gathered up by Aurora, it’s saved in JSON format, compressed using GZIP and converted into the Base64 encoding format before it’s sent off to a Command-and-Control (C&C) server controlled by the hackers behind this campaign.
With a user’s cookies, browsing history, login data and web data in hand, an attacker can commit fraud, drain a user’s bank accounts or even commit identity theft. While the consequences of downloading a fake app that…