April 30, 2024 at 12:49PM
A new Android malware named ‘Wpeeper’ was discovered in unofficial app stores, utilizing compromised WordPress sites as relay points for its command and control servers. The malware, discovered by QAX’s XLab team, had zero detections on VirusTotal and infected thousands of devices. It features sophisticated C2 communication and 13 distinct commands for stealing data. It’s advisable to only install apps from Google Play and activate Play Protect.
Key takeaways from the report:
1. A new Android backdoor malware called ‘Wpeeper’ has been identified, which uses compromised WordPress sites to act as relays for its command and control (C2) servers, thereby evading detection.
2. The malware was discovered by QAX’s XLab team on April 18, 2024, and had zero detections on VirusTotal. It abruptly ceased activity on April 22, likely to evade security professionals and automated systems.
3. Wpeeper has infected thousands of devices, but the actual scale remains unknown.
4. It leverages compromised WordPress sites as relay points, uses AES encryption, and supports 13 distinct functions for stealing data and executing commands on infected devices.
5. Potential risks associated with Wpeeper include account hijacking, network infiltration, intelligence collection, identity theft, and financial fraud.
6. To mitigate the risks, it is recommended to only install applications from the official app store, Google Play, and activate the built-in anti-malware tool, Play Protect, on Android devices.
These takeaways provide a clear understanding of the Wpeeper malware, its capabilities, and the recommended preventive measures for Android users.