The Mobile Malware Chronicles: Necro.N - Volume 101

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY :

Zimperium's zLabs researchers have been tracking Necro.N, a highly intrusive mobile malware campaign, since July. This malware, potentially succeeding Joker, uses obfuscation and steganography to hide malicious payloads within images. It downloads payloads from C2 servers, enabling remote code execution on infected devices. The malware is distributed through a deceptive advertising SDK integrated into mobile apps. Two main libraries, 'libcoral.so' and 'libsvm.so', are used to execute the malicious code. Out of 37 samples analyzed, 78% used 'libcoral.so' and 22% used 'libsvm.so'. The malware can install applications, open invisible WebViews, and subscribe victims to unwanted paid services. Zimperium's on-device detection engine has successfully identified and neutralized all related malware samples and malicious URLs.

OPENCTI LABELS :

obfuscation,c2 server,steganography,mobile malware,joker,necro.n,libsvm.so,fleeceware,advertising sdk,libcoral.so

