2026-06-06 MA-1451.062026 MyCERT Advisory - Multi-Variant Android Banking Trojan Campaign Targeting Malaysian Banking Users (Delivery4U / KerjaExpress / MaxTag)| Threat Intelligence Malaysia

📃Title: MA-1451.062026: MyCERT Advisory - Multi-Variant Android Banking Trojan Campaign Targeting Malaysian Banking Users (Delivery4U / KerjaExpress / MaxTag)
📅Date: 2026-06-06
🔗References:

https://www.mycert.org.my/portal/advisory?id=MA-1451.062026

🔖Rectifyq Taxonomies:

relevancy: 🔴 Highly Relevant
category: ⚔Threat
sub-category: campaign-analysis
topic: mobile-attack
target: broad-based
MY-relevancy: relevant

🔖MISP Galaxies:

target-information=“Malaysia”
operating-system=“Android”
mitre-attack-pattern=[‘T1446’, ‘T1412’, ‘T1444’, ‘T1684’, ‘T1453’, ‘T1513’, ‘T1496’]

MISP event uuid: c0fb7f53-b749-40f8-99b8-b7339530bb6f

Indicator of Compromise (IoCs)

type,value,comment
md5, ba7c0059d2236bf914c26ce8034ab1bf, 'D4Ucod.apk'
md5, 609ea1b31d73c66eec9086e5e2bc3f45, 'Stage 3 APK (musics.emitter.indexer)'
ip-dst, 209.92.170.40, 'Active C2 / payload host (nginx/1.18.0, Ubuntu)'
ip-dst, 142.91.101.182, 'Legacy C2 host'
sha256, de5cc3b4d5f34aabfc13d94f13c63670f481cf74dad66cde19b8e920031fdc89, 'Stage 4 payload (ads.txt, encrypted) No sample in VT\r\nLast check:26/06/2026'

Full IOCs available in Rectifyq’s MISP

Rectifyq

Explorer

2026-06-06 MA-1451.062026 MyCERT Advisory - Multi-Variant Android Banking Trojan Campaign Targeting Malaysian Banking Users (Delivery4U / KerjaExpress / MaxTag)

Indicator of Compromise (IoCs)

🔴 Latest Relevant 🇲🇾 Threat Articles

2026-06-25 SharpPanda Strike Again

2026-06-22 MA-1464.062026 MyCERT Alert - Malware Campaign Delivering Malicious VBScript via WhatsApp Desktop

2026-06-22 An unknown actor distributes malicious VBS scripts via WhatsApp

Graph View