FinStealer
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
A sophisticated malware campaign exploits a leading Indian bank's brand through fraudulent mobile applications. Distributed via phishing links and social engineering, these fake apps mimic legitimate bank apps, tricking users into revealing sensitive information. The malware uses advanced evasion techniques, including encrypted communication with C2 servers, dynamic payload execution, and runtime behavior alterations. The attackers aim for financial gain through credential theft, unauthorized transactions, and data sale on darknet forums. The campaign employs Telegram bots, SQL injection attacks, and XOR encryption. The analysis highlights the threat's impact and provides recommendations for mitigation, including advanced monitoring, vulnerability patching, and user education.
OPENCTI LABELS :
phishing,banking,telegram,android,sql injection,credential theft,mobile,c2 servers,xor encryption,finstealer,trojan.rewardsteal/joxpk,cve-2011-2688