The PolySwarm Blog

Executive Summary

Goldoson, a privacy-invasive and clicker adware, was recently discovered in several popular Android apps in South Korea. It generates revenue for the threat actors via fraudulent recursive visits to hidden ads on the infected device.

Related Families: SOVA
Verticals Targeted: Financial, Cryptocurrency 

Related Families: Wroba.o, Xloader

Executive Summary

Kaspersky SecureList recently reported on a Roaming Mantis campaign using Wroba.o with DNS hijacking to infect routers and Android devices.

Key Takeaways

Related Families: Ermac
Verticals Targeted: Financial

Executive Summary

Threat Fabric recently reported on Hook, an Android banking trojan that is a fork of Ermac.

Related Families: Anubis
Verticals Targeted: Financial

Verticals Targeted: Financial, Government, Journalism, Various

Executive Summary

This report is part of PolySwarm’s 2022 Recap series. This edition provides an overview of the 2022 mobile malware threat landscape.

Key Takeaways

• The 2022 mobile malware threat landscape saw a 500% increase in malware distribution in early 2022, and mobile malware continued to be rampant throughout the year.
• Some of the attack vectors used by threat actors to distribute mobile malware in 2022 include apps injected with malicious code, zero-click attacks, TOAD, and smashing.
• Types of mobile malware that were prolific in 2022 include banking trojans, dropper apps, spyware, mobile ransomware, and subscriber trojans.

Related Families: Elibomi, FakeReward, AxBanker, IcRAT, IcSpy
Verticals Targeted: Financial

Executive Summary

Trend Micro recently reported on a phishing and Android malware campaign targeting clients of multiple banks in India. The campaign leverages multiple malware families, including Elibomi, FakeReward, AxBanker, IcRAT, and IcSpy.

Verticals Targeted: Financial

Executive Summary

ThreatFabric recently reported on multiple Android droppers found on the Google Play Store distributing banking trojans.