MaaS
-
Recorded Future identifies four threat clusters using CastleLoader
Recorded Future’s Insikt Group identified four clusters using the CastleLoader malware loader, assigned the operator the name GrayBravo, and detailed distinct tactics, payloads and a multi-tiered infrastructure while noting the loader’s proliferation among other threat actors.
-
New Android RAT ‘Albiriox’ marketed as MaaS targets banking and crypto apps
A new Android remote access trojan called Albiriox is being sold as malware‑as‑a‑service and targets more than 400 banking, payment and crypto apps using droppers, VNC‑based remote control, accessibility abuses and overlays to conduct on‑device fraud, researchers reported.
-
Researchers detail BankBot‑YNRK and DeliveryRAT Android trojans that steal credentials and payment data
Researchers say two Android trojans, BankBot‑YNRK and DeliveryRAT, have been observed harvesting credentials, payment and device data; reports from CYFIRMA and F6 detail targeted device checks, use of accessibility services, persistence mechanisms and distribution via fake apps and malware‑as‑a‑service.
-
Herodotus Android malware uses human-like typing delays to evade detection
Threat Fabric has identified Herodotus, an Android malware-as-a-service that uses randomized typing delays to mimic human input and evade timing-based detection, and is being distributed via SMS to users in Italy and Brazil.
