
A newly discovered service on the dark web has been found to allow cybercriminals to easily add malware to legitimate apps.

Detailed today by researchers at ThreatFabric B.V., “Zombinder” was discovered while researching several cases of threat actors using a form of Android banking malware known as Ermac. As the researchers dug further, they uncovered a campaign that employed several different types of malware targeting Android and Windows users, including Erbium, the Aurora stealer and the Laplas “clipper.”

Campaigns using various forms of malware installed on Android apps are nothing new and are sadly all too familiar in 2022, but where the story gets interesting is that the researchers traced the campaign back to a third-party darknet service provider, which they dubbed Zombinder.

Advertising on the dark web as an application programming interface binding service, Zombinder launched in March 2022 and is now believed to be used by different threat actors. In an advertisement on a hacking forum, those behind the service pitch it as a universal binder that allows malware to be bound to almost any legitimate application. In its latest campaign, Zombinder has been distributing the Xenomorph banking malware under the guise of a VidMate application.

Distribution involves the modified application being advertised on, and downloaded from, a malicious website that mimics the application’s original website, with victims lured to the site through malicious ads. Unlike other malicious campaigns, where the trojanized apps do not work, a Zombinder-infected application works as advertised, so victims remain unaware that they have also been infected with malware.

Although Android apps are the core focus of Zombinder, those behind the service also offer binding for Windows apps. Potential victims who download an infected Windows app also download the Erbium stealer, a popular form of Windows malware that steals saved passwords, credit card details, cookies and cryptocurrency wallet data.
