A new Android banking malware called deVixor combines traditional credential theft with advanced ransomware capabilities, initially targeting Iranian users. The malware operates as a scalable, service-driven platform that uses Telegram and Firebase for control and updates, indicating ongoing criminal activity.
Key points
- deVixor is a sophisticated Android banking malware that combines RAT functions with ransomware modules.
- The malware targets Iranian users through phishing sites pretending to be automotive service providers.
- It uses Telegram bots and Firebase for centralized command and control, enabling large-scale infections.
- deVixor can steal banking credentials, OTPs, and cryptocurrency exchange messages while avoiding detection.
- The malware features a ransomware component capable of locking devices and demanding cryptocurrency payments.
Read More: https://thecyberexpress.com/android-banking-malware-devixor-ransomware/