HookBot Malware Use Overlay Attacks Impersonate As Popular Brands To Steal Data

3 weeks, 1 day ago gbhackers

The HookBot malware family employs overlay attacks to trick users into revealing sensitive information by impersonating various brands and apps to gain trust. It also utilizes C2 servers to receive updates and evolve continuously.

A builder tool empowers threat actors to create custom HookBot apps as the malware is often distributed through Telegram, where it’s sold at varying prices, indicating a competitive market for such tools.

HookBot, a mobile banking Trojan, infiltrates Android devices by masquerading as legitimate apps, which, sourced from unofficial channels or bypassing Google Play store security, establish covert communication with a C2 server.

App overlay mimicking Airbnb login screen.

Once installed, HookBot extracts sensitive user data, including banking credentials and PII, employing techniques like app overlays and device surveillance.

This data is then transmitted to the C2 server, facilitating financial fraud and other cybercrimes.

Build an in-house SOC or outsource SOC-as-a-Service -> Calculate Costs

Overlay ...

Copyright of this story solely belongs to gbhackers . To see the full text click HERE

Share: