Feb. 6, 2024, 3:41 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

Android/Phoenix is a malicious Remote Access Tool. Its main goal is to extensively spy on the victim’s phone (grab all screenshots, steal the unlock gesture, etc.). The attacker controls the infected phone via various predefined commands sent over a WebSocket.

This blog post contains the reverse engineering of sample 6485ead2248298b48d4e677d3fb740b8ce8688bc7b4adb7a4d2ac3af827da46b from mid-January 2024. The sample poses as a Google Calendar application.

The malware poses as a Google Calendar application and asks the user to enable Accessibility …

