New malware surfacing with each new day has become routine in the lives of digital citizens. Adding to that routine, researchers have discovered yet another strain.
The new malware, dubbed Oscorp, abuses accessibility services on Android devices to steal user credentials and media content. It takes its name from the title of the login page of its C2 server.
Oscorp is propagated through the domain supporttoapp[.]com. Its malicious APK asks for permission to enable the accessibility service and then initiates communication with a C2 server for additional actions.
Its functionalities include:
- Keylogging to steal passwords or other sensitive data typed by users.
- Uninstalling apps on infected devices.
- Making calls and sending text messages.
- Stealing cryptocurrency wallet addresses and credentials.
- Stealing PINs for Google's two-factor authentication.
Furthermore, the malware forces users into granting extra privileges by opening the Settings app every eight seconds.
Although a list of the applications targeted by Oscorp has not yet been prepared, Italy CERT suspects that Oscorp targets apps that deal with confidential information. Users are protected from damage as long as they do not enable the accessibility service.