700+ Malicious Android Apps Abusing NFC Relay

Source: Cyber Security News

A sophisticated malware campaign has grown dramatically since it emerged in April 2024 and now affects users in Russia, Poland, the Czech Republic, Slovakia, and Brazil. Over 760 malicious applications have been detected that exploit Near Field Communication (NFC) technology while masquerading as legitimate financial apps. The malware captures sensitive payment data during transactions and transfers it to threat actors through Telegram channels.

Zimperium analysts uncovered significant infrastructure supporting this campaign, including more than 70 command-and-control servers, and identified numerous impersonated institutions, among them major Russian banks and international brands such as Santander. The apps use advanced techniques to communicate with their control servers, allowing real-time data exchange and the extraction of complete payment credentials. The malware's behavior varies by version: some function as scanners for card data, while others exfiltrate credentials directly to attacker-controlled environments.
