Hello, May I Own Your Phone?

Transcript

1. 2022 Hello, May I Own Your Phone?

2. Who are we? Aryan Singh • Sr. Threat Researcher 1

   @CloudSEK Anshuman Das • Cyber Threat Researcher @CloudSEK • Co-Author @securityzines.com Twitter: twitter.com/0x1shu LinkedIn: linkedin.com/in/0x1shu LinkedIn: linkedin.com/in/aryan-singh-me

3. Agenda • Classical scams in India • Our Research •

   The Malware • Evolution Over Time • Similar Campaign • Q&A

4. Credit:

5. Our Research • Evolution of Cybercriminals in India • Threat

   Actors shifting to sophisticated TTPs • Skilled folks moving into or supporting Cybercriminals • Threat actors are embracing new Technology at rapid rates

6. The Malware

7. Delivery Mechanism • Smishing • URL Shortener

8. Features of the Malware

9. None

10. Persistence Mechanism

11. Data Exfiltration Sending SMS to C2 Server Exfiltrating Call Logs

12. Put Device on Silent C2 Server

13. Deletion of SMS Deleting SMS

14. Encrypted Data Exfiltration Encryption Function Key

15. Banking Credentials C2 Server Post-infection Attack Chain

16. C2 Server cmd_silent Init. Transaction Bank

17. C2 Server Bank OTP:12345 cmd_upload_sms OTP:12345 Transaction Complete

18. C2 Server cmd_delete_sms Bank OTP:12345

19. Evolution Over time Type 1 <bank-name>reward/s.TLD <bank-name>point/s.TLD Type 2 <random

    characters>.TLD <generic-names>.TLD Type 3 e.g. XYZrewards.com XYZpoints.in e.g. kjasjdkakhasd87219382.link e.g. cashpoints.in Delivery Mechanism

20. Evolved Malware Features in initial version Features addition in newer

    version

21. Similar Campaign

22. None
23. None