Technical Analysis of Copybara
Essential information
- Published: 22/08/2024 18:16
- Modified: 22/08/2024 18:52
- Tags: 2024-08-22, android, copybara
- Related entities: 107 observables, 15 techniques (mitre), 1 malware
Description
This report presents a comprehensive technical analysis of a newly discovered variant of the Copybara Android malware. The malware, which emerged in November 2021, is primarily spread through voice phishing attacks. It utilizes the MQTT protocol for command-and-control communication and abuses Android's Accessibility Service to exert control over infected devices. The malware downloads phishing pages mimicking cryptocurrency exchanges and financial institutions to steal user credentials. The analysis covers 59 supported commands with detailed functionality descriptions, providing valuable insights into the malware's capabilities.