In the midst of the 2022 World Cup fever, don't download free streaming applications whose origins are unclear. The reason is that there is a football streaming application that is used to spread dangerous malware.
Security researchers from ThreatFaric found several modified Android apps masquerading as popular apps, including Football Live Streaming, Instagram, WiFi Auto Authenticator, and others.
At first glance, these apps look genuine, but have been modified by the Zombinder platform by injecting malware into them. These apps can work as normal, but Zombinder adds a malware payload to the code.
This loader is designed to avoid detection, so when the user opens the application the loader will display a warning to install the plugin. If the warning is received, the loader will install the malicious payload and open it in the background.
The Zombinder service provider claims that malicious applications embedded with malware cannot be detected and can bypass the supervision of Google Play Protect or antivirus applications.
Advertisements
The self-deployed malware is Ermac's banking malware. This malware can threaten user security by using keylogging, stealing emails from Gmail, intercepting 2FA codes, and stealing crypto wallets, as quoted by Bleeping Computer, Wednesday (14/12/2022).
Apart from Android malware, similar attack campaigns are also targeting Windows users. This campaign mimics a Wi-Fi authorization portal whose page is full of typos.
If a visitor to the page clicks the "Download for Windows" button, downloading dangerous Windows malware. The samples found by ThreatFabric include the Erbiu,m, Laplas and Aurora malware.