A closer look at the Tria stealer campaign

SUMMARY :

A malicious Android campaign named Tria Stealer has been targeting users in Malaysia and Brunei since mid-2024. The campaign uses wedding invitation lures to trick victims into installing a malicious app that collects SMS data, tracks call logs, and steals messages from apps like WhatsApp and emails from Gmail and Outlook. The stolen data is exfiltrated to Telegram bots. The threat actor uses this information to hijack personal messaging accounts, impersonate victims to request money transfers, and compromise other online accounts. The campaign is likely operated by an Indonesian-speaking threat actor and remains active, with the malware evolving to target more personal communications data.

OPENCTI LABELS :

phishing,android,telegram bots,tria stealer


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


A closer look at the Tria stealer campaign