chartingshow / crypto-firewall

🎁 Blocks browser-based crypto mining, cryptojacking, banking and crypto malware and phishing websites, apps and hackers' command-and-control (C2) servers.
GNU General Public License v3.0
14 stars 0 forks

Block `Ajina.Banker` malware disguising itself as legitimate apps to steal banking information and intercept 2FA messages #584

Closed summercms closed 1 month ago

summercms commented 1 month ago

Enhancement idea

Description

The threat actors have been spreading malicious Android malware designed to steal users’ personal and banking information, and potentially intercept 2FA messages.

Screenshots

n/a

Links

https://www.group-ib.com/blog/ajina-malware/

https://www.virustotal.com/gui/file/a635b9869dcd5e17a0d2b965118cd5c6665c974f1782f95d6826df7bb3ba37e6

https://www.virustotal.com/gui/file/8269b64b8cf38bdaa1b632968dc69172fcc830e9ad0c00cd6bebc586dec4af1f

IOC

I2P websites

n/a

IPFS websites

n/a

Tor2web websites

n/a

TOR websites

n/a

URLs

n/a

Folders

n/a

Sub-Domains

n/a

Domains

n/a

IPs


ASNs

n/a

Emails

n/a

Wallet addresses

n/a

Mining pool addresses

n/a