Copybara’s Android malware allows remote control of Android devices



New variants of the Copybara malware are currently spreading on Android devices worldwide. The malware exploits Android’s accessibility service to manipulate infected devices. The Android Accessibility Service is a framework that enables the development of features such as screen magnifiers, voice control, gesture control, and switch control. These services assist users with visual, hearing, or mobility disabilities through alternative interaction methods.



The new malware is based on the well-known Copybara Trojan, which has been active since 2021. The Trojan has nothing to do with the open source tool of the same name, which is used to copy repositories. As portals such as Cyber Security News report, the new variant was first spotted and analyzed in November 2023. It became clear that the new Trojan has been developed significantly further and now has several new functions. Features now include keylogging, intercepting SMS messages, taking and forwarding screenshots, stealing login information, and the ability to remotely control an Android device. The malware uses the MQTT protocol to transmit control commands.

The malware spreads through the installation of manipulated apps, which then load malicious code. Cybercriminals use targeted contact details to trick potential victims into installing malicious code via SMS phishing (smishing) or voice phishing (vishing). The associated download sites also disguise the malware as extensions for Google Chrome or IPTV service apps to trick victims into carelessly installing them. Security experts generally warn against downloading apps from unknown websites or sources outside of verified app stores. Protecting yourself from malware isn’t hard, as this article on Heise Online explains.

Recently, Copybara malware attacks have been observed in connection with financial fraud, and this malware is said to be developed using the B4A (Basic4Android) framework. The app disguises itself as a regular financial app and lures victims to prepared phishing pages that target cryptocurrency exchanges and financial institutions. These sites are almost indistinguishable from the original site in appearance and are aimed at accessing victims’ account details and personal data or redirecting transfers.


(USC)
