📃Title: Scam Android app steals Bank Credentials and SMS: MyPetronas APK
📅Date: 2022-09-15
🔗References:

🔖Rectifyq Taxonomies:

🔖MISP Galaxies:

  • target-information="Malaysia"
  • f3b46834-6ce9-44ef-852d-d7ac61a12920="f8334ef2-9d35-48de-aa5e-bcdcd4c4d714"
  • mitre-attack-pattern=[]

MISP event uuid: 1593737f-2ea7-4979-9ae0-0cf117af1c26

Indicator of Compromise (IoCs)

type,value,comment
md5, f7d4a2b5fdb45c258fccd3059d12fee9, 'No sample in VT; last check: 29/04/2025'
domain, pt-gift.store, 'Landing page'
domain, gpost996.online, 'retrieve banking information'
domain, lapks.online, 'retrieve user information'
domain, sgbx.online, 'retrieve SMS'
url, https://lapks.online/skyblue_888a/api/api.php?post_order, 'Post user information to C&C server'
url, https://gpost996.online/post.php, 'Post online banking credential to C&C server'
url, https://sgbx.online?pass=app168&cmd=sms&sid=%1$s&sms=%2$s, 'Post SMS data to C&C server'

Full IOCs available in Rectifyq's MISP