A new Android malware named ‘FireScam’ has surfaced, disguised as a premium version of the Telegram app. Distributed through phishing websites hosted on GitHub, the malware tricks users by mimicking the interface of RuStore, Russia’s official mobile app market.
This development underscores the increasing sophistication of cyber threats leveraging trusted platforms and applications.
RuStore, launched in May 2022 by Russian internet giant VK (VKontakte) with support from the Ministry of Digital Development, was designed as an alternative to Google Play and Apple’s App Store. It was created to ensure Russian users have access to mobile software amid Western sanctions. RuStore hosts applications that comply with Russian regulations, becoming an essential tool for domestic users.
However, cybercriminals have exploited RuStore’s credibility to distribute malware under the guise of legitimate applications.
According to cybersecurity researchers at Cyfirma, the malware is delivered via a GitHub-hosted phishing page mimicking RuStore. The page provides an initial payload named GetAppsRu.apk, a dropper module obfuscated with DexGuard to bypass detection mechanisms.
Once installed, the dropper module gains permissions to:
- Identify installed apps.
- Access device storage.
- Install additional packages.
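For defenders triaging sideloaded APKs, the three capabilities listed above can be checked against an app's requested permissions. The following is an added example, not code from the article or from Cyfirma's analysis; the mapping to specific Android permission names is an assumption (the article does not name them), and the input is assumed to be a text `AndroidManifest.xml` already decoded from the APK's binary form.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: standard Android permissions matching the three capabilities in
# the list above; the article does not name the exact permissions requested.
CAPABILITIES = {
    "identify installed apps": {"android.permission.QUERY_ALL_PACKAGES"},
    "access device storage": {
        "android.permission.READ_EXTERNAL_STORAGE",
        "android.permission.WRITE_EXTERNAL_STORAGE",
        "android.permission.MANAGE_EXTERNAL_STORAGE",
    },
    "install additional packages": {"android.permission.REQUEST_INSTALL_PACKAGES"},
}

def triage_manifest(manifest_xml: str) -> dict:
    """Map a decoded AndroidManifest.xml to the capabilities it requests."""
    if "<!DOCTYPE" in manifest_xml:  # manifests never need a DTD; avoid entity expansion
        raise ValueError("unexpected DOCTYPE in manifest")
    root = ET.fromstring(manifest_xml)
    requested = {
        el.get(ANDROID_NS + "name", "").strip()
        for el in root.iter()
        if el.tag in ("uses-permission", "uses-permission-sdk-23")
    }
    hits = {cap: sorted(requested & names)
            for cap, names in CAPABILITIES.items() if requested & names}
    return {
        "package": root.get("package"),
        "capabilities": hits,
        # All three together is the profile described above: worth manual review.
        "dropper_profile": len(hits) == len(CAPABILITIES),
    }

# Constructed sample manifests (not taken from any real APK).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed.store">
  <uses-permission android:name="android.permission.QUERY_ALL_PACKAGES"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.constructed.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```

A match on all three is a prompt for manual review, not a verdict: legitimate app stores and file managers request the same combination.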
[…]