216.73.217.19

Tria stealer targets Android users for SMS exfiltration and financial gain

· Published 30/01/2025 17:08 · Modified 30/01/2025 17:33

Export JSON

Essential information

Published
30/01/2025 17:08
Modified
30/01/2025 17:33
Tags
2025-01-30 android brunei stealer telegram tria stealer
Related entities
3 observables, 3 techniques (mitre), 1 malware, 2 others

Description

Since mid-2024, a malicious campaign dubbed '' has been targeting users in Malaysia and using wedding invitation lures. The malware collects SMS data, call logs, messages from apps like WhatsApp, and email data from Gmail and Outlook. It exfiltrates this information to bots used as C2 servers. The threat actor exploits the stolen data to hijack personal messaging accounts, impersonate victims to request money transfers, and compromise other accounts. The campaign is likely operated by an Indonesian-speaking threat actor based on language artifacts found. The malware continues to be actively distributed as of January 2025, focusing on expanding its victim pool and financial fraud.

External references