September 12, 2024 at 01:12PM
Bank customers in Central Asia are under threat from a new Android malware named Ajina.Banker, aimed at stealing financial information and thwarting two-factor authentication. The malware is distributed through Telegram channels and targets countries such as Armenia, Azerbaijan, and Russia. The attackers use localized promotions and themed messages to maximize infections. The malware also shows signs of continued development.
Key Takeaways:
1. A new strain of Android malware called Ajina.Banker has been targeting bank customers in the Central Asia region since at least November 2024.
2. The malware is distributed through a network of Telegram channels posing as legitimate banking, payment, and government service applications.
3. The malware is spread through crafted messages and APK files, leveraging the trust of users in legitimate services to maximize infection rates.
4. The threat actors employ localized promotion strategies and use themed messages to increase the likelihood of successful infections.
5. Ajina.Banker can gather SMS messages, SIM card information, financial app details, and even serve phishing pages to collect banking information.
6. The researchers noted evidence of cultural familiarity with the region in the activities of the attackers.
7. There are links between the Android malware families SpyNote and Gigabud, indicating a well-coordinated and broad campaign likely orchestrated by the same threat actor.