Facebook Linkedin
  • NEWS
    • GOVERNANCE
    • STARTUPS
    • BUDGET
    • WORKFORCE
    • PARTNERSHIPS
    • THREATS
    • DATA PRIVACY
    • Regulations & Compliance
  • FEATURES
    • Careers
    • Explainers
    • Market Trends Report
    • One Quick Question
    • Trends and Predictions
  • PODCASTS
  • Get Featured
    • READING ROOM
    • INTERVIEWS
    • WHITEPAPERS
    • INFOGRAPHICS
    • MARKET TRENDS REPORT
      • GLOBAL BLOCKCHAIN IMPACT
      • SECURITY INTELLIGENCE REPORT
      • CLOUD FORENSICS
      • DIGITAL FORENSICS
      • CYBERSECURITY HIRING
      • DATA SECURITY
      • ENDPOINT SECURITY
    • INNOVATOR’S CORNER
    • HOTSPOT
    • SPECIAL FEATURES
  • Videos
    • VIDEO INTERVIEWS
    • EVENT VIDEOS
    • WEEKLY NEWS
  • WEBINARS
  • EVENTS
    • Upcoming Events
    • Endorsed Events
    • E-Events
    • Masterclass
Search
Friday, May 9, 2025
  • About us
  • Advisory Board
  • Careers
  • Write for CISO MAG
  • Editorial Calendar
Facebook Linkedin
CISO MAG  - News and Updates| Cyber Security Magazine CISO MAG | Cyber Security Magazine
Cisomag banner-Essentials
CISO MAG  - News and Updates| Cyber Security Magazine CISO MAG  - News and Updates| Cyber Security Magazine
  • NEWS
    • GOVERNANCE
    • STARTUPS
    • BUDGET
    • WORKFORCE
    • PARTNERSHIPS
    • THREATS
    • DATA PRIVACY
    • Regulations & Compliance
  • FEATURES
    • free-online-cybersecurity-courses-certifications
      Embark on a Cybersecurity Career with the Top Three Free Online Cybersecurity Courses
      PSTI IoT Bill, Common IoT Attacks
      3 Common IoT Attacks that Compromise Security
      Steganography attack
      How to Prevent Steganography Attacks
      Brainjacking
      How Brainjacking Became a New Cybersecurity Risk in Health Care
      Malicious QR Codes
      How Cybercriminals Exploit QR Codes to Their Advantage
      AllCareersExplainersMarket Trends ReportOne Quick QuestionTrends and Predictions
  • PODCASTS
  • Get Featured
    • READING ROOM
    • INTERVIEWS
    • WHITEPAPERS
    • INFOGRAPHICS
    • MARKET TRENDS REPORT
      • GLOBAL BLOCKCHAIN IMPACT
      • SECURITY INTELLIGENCE REPORT
      • CLOUD FORENSICS
      • DIGITAL FORENSICS
      • CYBERSECURITY HIRING
      • DATA SECURITY
      • ENDPOINT SECURITY
    • INNOVATOR’S CORNER
    • HOTSPOT
    • SPECIAL FEATURES
  • Videos
    • VIDEO INTERVIEWS
    • EVENT VIDEOS
    • WEEKLY NEWS
  • WEBINARS
  • EVENTS
    • Upcoming Events
    • Endorsed Events
    • E-Events
    • Masterclass
Home News New Android Malware “Oscorp” Spreads Malicious APK
  • News
  • Threats

New Android Malware “Oscorp” Spreads Malicious APK

New variant of Android malware “Oscorp” abuses accessibility services on the affected device to pilfer user sensitive data. When the user opens the apps targeted by Oscorp, it automatically redirects the user to a phishing page that asks for login credentials.

By
CISOMAG
-
January 29, 2021
Facebook
Twitter
Pinterest
WhatsApp
    BotenaGo, malware over encrypted connections

    Security experts from AddressIntel discovered a new strain of Android malware that exploits accessibility services in the compromised devices to steal users’ login credentials and media content. Dubbed “Oscorp” by Italy’s Computer Emergency Response Team (CERT-AGID), the malware prompts the user to install an accessibility service through which it can read what is present and typed on the screen.

    The Oscorp Malware

    Oscorp was identified in a domain supportoapp.com from which it downloads the malicious file clientassistance.apk uploaded to the remote server. Upon installation, the user is asked to enable the accessibility services, which will be used to access a series of permissions and establish communications with a C2 server to retrieve additional commands.

    “If the user has not enabled the accessibility service, the malware keeps reopening the settings screen to do so. This way the user is pressured to accept in the hope that the screen will stop showing up. If the accessibility service is enabled, but the permission to access the device usage statistics is not enabled, the malware continually reopens its settings screen. This allows the accessibility service to automatically set permissions to the malware. Finally, the same mechanism is used to enable the malware to interrupt Doze mode and to obtain at least one of the permissions requested in the manifest,” CERT-AGID explained.

    The permissions allow Oscorp to display various phishing pages when the user opens specific apps. Below is the list of permissions Oscorp asks:

    “As soon as the permissions are granted, a first call is made to ‘checkip.amazonaws.com’ from which it obtains the IP address of the compromised device and subsequently communicates with the C2 at this address ‘montanatony.Xyz’ on port 443. The C2 domain is reported in clear text within the APK but the commands for subsequent queries are obtained by decoding a series of strings encrypted with AES-CBC and embedded key,” CERT-AGID added.

    Oscorp’s Capabilities

    Oscorp malware leverages multiple capabilities to perform privileged actions automatically. These include:

    • Enable keylogger functionality
    • Automatically obtain the permissions and capabilities required by the malware
    • Uninstall app
    • Make calls
    • Send SMS
    • Stealing cryptocurrency
    • Stealing the PIN for Google’s 2FA

    While there is no evidence on what type of applications Oscorp targets, the CERT-AGID stated that this kind of malware mostly focuses on apps that store sensitive information like banking and messaging apps.

    • TAGS
    • AddressIntel
    • Android Malware
    • Android vulnerability
    • CERT-AGID
    • data breach
    • fake mobile apps
    • Italy's Computer Emergency Response Team
    • login credentials
    • Malicious APK
    • malicious apps
    • malware
    • Oscorp
    • phishing pages
    • sensitive data
    Facebook
    Twitter
    Pinterest
    WhatsApp
      Previous articlePreach and Practice Data Privacy Every Day
      Next articleGoogle Chrome OS Update: No Passwords, Only Fingerprint Required
      CISOMAG
      CISOMAG
      https://cisomag.com/

      RELATED ARTICLESMORE FROM AUTHOR

      PSTI IoT Bill, Common IoT Attacks
      Features

      3 Common IoT Attacks that Compromise Security

      SIM Swapping
      News

      FBI Issues a Lookout for SIM Swapping Attacks

      remote work, Remote workforce security
      News

      How Remote Work Increase Digital Anxiety



      Cyber Career Starter Scholarship

      Latest Issue is Out!

      Ciso mag jan
      cciso_sidebar
      boxbanner

      FOLLOW US FOR MORE UPDATES


      CYBER SHOTS
      Quick, punchy updates on Cyber trends, news and links to free resources. Only via Telegram and Signal. Join the groups now!
      Click Here Click Here

      MOST POPULAR

      Research Finds Increase in Botnet and Exploit Activity in Q2 2020

      45% companies don’t have cybersecurity leader: Study

      CISOMAG - December 11, 2017
      DEO data breach

      Nearly half of companies have suffered a data breach in the past year: Survey

      November 15, 2017
      Messaging

      Mobile messaging apps new hideout of Dark Web activities: Study

      October 27, 2017
      Kaspersky

      NSA hacking code lifted from a personal computer in U.S.: Kaspersky

      October 30, 2017

      Instagram data breach! 49 million users’ sensitive data exposed online

      May 23, 2019

      RECENT POSTS

      National Insider Risk Symposium

      May 5, 2025

      Cybersec Europe

      April 25, 2025

      HackVSIT 6.0

      April 25, 2025

      CyberX Bahrain

      April 23, 2025

      Infosecurity Europe

      April 23, 2025
      Cybersecurity News and Updates, Magazine
      CISOMAG is the handbook for Chief Information Security Officer (CISO)s, CXOs, and every stakeholder of safe internet.
      Contact us: [email protected]
      Facebook Linkedin

      EVEN MORE NEWS

      National Insider Risk Symposium

      May 5, 2025

      Cybersec Europe

      April 25, 2025

      HackVSIT 6.0

      April 25, 2025

      POPULAR CATEGORY

      • News2554
      • Threats1657
      • Features592
      • Partnerships215
      • Governance191
      • Startups161
      • Interviews120
      • Terms of Use
      • Privacy Policy
      • Advertise with us
      • Contact Us
      • MASTERCLASS
      © CISOMAG 2024
      We Care
      Ensuring that you get the best experience is our only purpose for using cookies. If you wish to continue, please accept. You are welcome to provide a controlled consent by visiting the cookie settings. For any further queries or information, please see our privacy policy.
      Do not sell my personal information.
      Cookie SettingsAccept
      Manage consent

      Privacy Overview

      This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
      Necessary
      Always Enabled
      Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
      CookieDurationDescription
      cookielawinfo-checkbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
      cookielawinfo-checkbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
      cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
      cookielawinfo-checkbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
      cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
      viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
      Functional
      Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
      Performance
      Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
      Analytics
      Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
      Advertisement
      Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
      Others
      Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
      SAVE & ACCEPT
      MORE STORIES
      Upcoming Events

      National Insider Risk Symposium

      CISO MAG - May 5, 2025 0
      September 17-18, 2025 Location: National Housing Center, Washington, D.C., USA The National Insider Risk Symposium will return to Washington, DC this...