"These samples can be directly linked to the same threat actors and represent two additional iterations of Iranian mobile banking malware since the original research. The first iteration is identical to what was previously reported but includes new targets, the second iteration includes many new capabilities and evasion techniques to make the attack more successful," Zimperium says.
Masquerading as their legitimate counterparts available through the popular Iranian marketplace Cafe Bazaar, the applications were being distributed via phishing websites.
In a Tuesday report, Zimperium notes that the 40 applications were just the tip of the iceberg, as 245 other malicious applications linked to the same campaign have been uncovered, including 28 that had not been detected by the VirusTotal scanning engine.
[
add
]
[
|
|
...
]