Detecting bank trojans which steal 2FA token through the code (Android)
Common Information
Type Value
UUID 26fcea15-dc3a-42aa-8387-0d9c3912d4ef
Fingerprint 8f289aa48a89c411
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 1, 2015, midnight
Added to db Jan. 18, 2023, 7:32 p.m.
Last updated Sept. 4, 2024, 11:07 p.m.
Headline Some stuff about security..
Title Detecting bank trojans which steal 2FA token through the code (Android)
Detected Hints/Tags/Attributes 14/1/2
Attributes
Details Type #Events CTI Value
Details Domain 6
android.intent.action.call
Details Yara rule 1
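// Flags code that holds a GSM call-forwarding MMI prefix together with the
// Android intent action used to place a call.
rule call_forward {
	strings:
		// "*21" / "#21": unconditional call-forwarding MMI code prefixes
		$my_text_string = "*21"
		$my_text_string2 = "#21"
		// Intent action that dials a number directly
		$my_text_string3 = "android.intent.action.CALL"
	condition:
		// CALL intent plus either forwarding prefix
		($my_text_string and $my_text_string3) or ($my_text_string2 and $my_text_string3)
}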