Tria stealer targets Android users for SMS exfiltration and financial gain
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
Since mid-2024, a malicious Android campaign dubbed 'Tria Stealer' has been targeting users in Malaysia and Brunei using wedding invitation lures. The malware collects SMS data, call logs, messages from apps like WhatsApp, and email data from Gmail and Outlook. It exfiltrates this information to Telegram bots used as C2 servers. The threat actor exploits the stolen data to hijack personal messaging accounts, impersonate victims to request money transfers, and compromise other accounts. The campaign is likely operated by an Indonesian-speaking threat actor based on language artifacts found. The malware continues to be actively distributed as of January 2025, focusing on expanding its victim pool and financial fraud.
OPENCTI LABELS:
stealer, telegram, android, tria stealer, brunei