216.73.217.19

A closer look at the Tria stealer campaign

· Published 30/01/2025 15:51 · Modified 30/01/2025 16:03

Export JSON

Essential information

Published
30/01/2025 15:51
Modified
30/01/2025 16:03
Tags
2025-01-30 android phishing telegram bots tria stealer
Related entities
3 observables, 1 techniques (mitre), 1 malware, 2 others

Description

A malicious campaign named has been targeting users in Malaysia and Brunei since mid-2024. The campaign uses wedding invitation lures to trick victims into installing a malicious app that collects SMS data, tracks call logs, and steals messages from apps like WhatsApp and emails from Gmail and Outlook. The stolen data is exfiltrated to . The threat actor uses this information to hijack personal messaging accounts, impersonate victims to request money transfers, and compromise other online accounts. The campaign is likely operated by an Indonesian-speaking threat actor and remains active, with the malware evolving to target more personal communications data.

External references