CYFIRMA recently disclosed Lazarus Stealer, a sophisticated Android banking malware targeting Russian users under the guise of a legitimate utility app called GiftFlipSoft. This trojan stays hidden from the device's interface, using high-risk permissions and stealth techniques to harvest sensitive credentials.
Lazarus Stealer requests intrusive permissions, including the default SMS role, overlay capabilities, and usage access, allowing it to intercept one-time passwords, monitor app activity, and deploy phishing overlays onto genuine banking applications. It conceals itself by hiding from launchers and recent-apps lists, dynamically loads phishing content via WebView, and runs persistent background services to exfiltrate data to its command-and-control infrastructure, all while remaining invisible to the user.
Zimperium's Mobile Threat Defense (MTD) and Mobile Runtime Protection (zDefend) detect the reported sample with high accuracy and in a zero-day fashion. Beyond the threat as described, our proactive efforts identified 46 additional samples linked to the Lazarus Stealer campaign, expanding the known attack surface and reinforcing mobile defenses.
Why this matters: Lazarus Stealer exemplifies the evolving sophistication of mobile banking trojans: staying hidden, abusing privileged access, and adapting content in real time to trick users. Its ability to intercept SMS, overlay fake login screens, and exfiltrate credentials makes it highly dangerous for financial institutions and consumers alike. Mobile defenses must detect misuse of SMS roles, overlay abuse, and anomalous network activity, all on-device.
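As an added illustration of the permission and stealth traits described above and the manifest-level detection the previous paragraph calls for (this is example code, not Zimperium's or CYFIRMA's), the following Python triage script flags the combination the report attributes to Lazarus Stealer: SMS-role declarations, overlay and usage-access permissions, and the absence of a launcher activity. The sample manifest is constructed for the example and is not taken from the real sample.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"
# Permissions the report ties to Lazarus Stealer behaviours: overlay, usage access, SMS.
RISKY_PERMISSIONS = {
    "android.permission.SYSTEM_ALERT_WINDOW": "overlay capability (phishing screens over banking apps)",
    "android.permission.PACKAGE_USAGE_STATS": "usage access (tracks which app is in the foreground)",
    "android.permission.RECEIVE_SMS": "SMS interception (one-time passwords)",
}

def _intent_filters(component):
    """Yield (actions, categories) for each intent-filter of a manifest component."""
    for f in component.findall("intent-filter"):
        yield ({a.get(NAME) for a in f.findall("action")},
               {c.get(NAME) for c in f.findall("category")})

def triage_manifest(xml_text: str) -> list[str]:
    """Return human-readable red flags found in an AndroidManifest.xml (empty list = none)."""
    root = ET.fromstring(xml_text)
    findings = [f"requests {p.get(NAME)}: {RISKY_PERMISSIONS[p.get(NAME)]}"
                for p in root.findall("uses-permission") if p.get(NAME) in RISKY_PERMISSIONS]
    app = root.find("application")
    if app is None:
        return findings
    # Apps that can hold the default SMS role declare a receiver for SMS_DELIVER.
    for r in app.findall("receiver"):
        if any("android.provider.Telephony.SMS_DELIVER" in acts for acts, _ in _intent_filters(r)):
            findings.append(f"receiver {r.get(NAME)} handles SMS_DELIVER (default SMS role candidate)")
    # An app hidden from the launcher has no activity with MAIN action + LAUNCHER category.
    if not any("android.intent.action.MAIN" in acts and "android.intent.category.LAUNCHER" in cats
               for a in app.findall("activity") for acts, cats in _intent_filters(a)):
        findings.append("no MAIN/LAUNCHER activity: app is hidden from the launcher")
    return findings

# Constructed sample manifest (not from the real sample) showing the combination the report describes.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <uses-permission android:name="android.permission.PACKAGE_USAGE_STATS"/>
  <application>
    <activity android:name=".SetupActivity"/>
    <receiver android:name=".SmsReceiver" android:permission="android.permission.BROADCAST_SMS">
      <intent-filter><action android:name="android.provider.Telephony.SMS_DELIVER"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

if __name__ == "__main__":
    for finding in triage_manifest(SAMPLE_MANIFEST):
        print("[!]", finding)
```

Run it over a decoded manifest (for example from apktool output); a legitimate utility app will normally carry none of these flags, and the combination of all of them is what warrants a closer look.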
Zimperium remains committed to uncovering and neutralizing emerging threats like Lazarus Stealer, delivering robust, real-time mobile security.
For full technical details, see CYFIRMA's report here.
The list of recent IOCs can be found in this repository.