
Tria Stealer Trojan Exploits Android Phones To Exfiltrate SMS Messages – CybersecurityNews

A newly discovered Android malware campaign, dubbed Tria Stealer, has been targeting users in Malaysia and Brunei since mid-2024.
Leveraging fake wedding invitations as a lure, this Trojan steals sensitive data, including SMS messages, call logs, and app notifications, and exfiltrates it to attackers via Telegram bots.
The campaign has raised significant cybersecurity concerns due to its sophisticated techniques and social engineering tactics.
Cybersecurity analysts at Kaspersky Labs discovered that the malware is distributed as an APK file through personal and group chats on WhatsApp and Telegram.
Victims are tricked into downloading the app under the guise of viewing a digital wedding invitation.
Upon installation, the malware requests permissions such as android.permission.RECEIVE_SMS, android.permission.READ_CALL_LOG, and android.permission.BIND_NOTIFICATION_LISTENER_SERVICE, granting it access to SMS messages, call logs, and app notifications.
Once installed, the app disguises itself as a system settings application using a gear icon to appear legitimate.
During its first execution, it collects device information (like brand and model) and the victim’s phone number.
This data is assembled into a string and sent to a Command-and-Control (C2) server via Telegram API calls.
The key features of Tria Stealer include:
To protect against Tria Stealer, avoid installing APKs from untrusted sources and use reliable mobile security solutions that can detect threats like HEUR:Trojan-Spy.AndroidOS.Agent.*.
Additionally, regularly updating device software helps patch vulnerabilities and enhances security.
By exploiting social engineering tactics and leveraging Telegram for C2 communication, Tria Stealer poses a significant threat to user privacy and security.
Users in Malaysia and Brunei remain primary targets, but the global Android community must remain vigilant against such attacks.
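The permission combination described above can be checked during APK triage. This is an added example, not code from the article or from Kaspersky; it assumes the manifest has already been decoded to text XML (for example with apktool), and the sample manifests and package names are constructed.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# The three permissions the article names for Tria Stealer.
WATCHED = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
}

def watched_permissions(manifest_xml):
    """Return the subset of WATCHED that a decoded manifest declares."""
    root = ET.fromstring(manifest_xml)
    found = set()
    # Requested permissions, including the API 23+ variant of the tag.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            found.add(el.get(ANDROID_NS + "name", ""))
    # A notification listener is normally declared as a <service> guarded by
    # the BIND permission, so look at android:permission on services as well.
    for svc in root.iter("service"):
        found.add(svc.get(ANDROID_NS + "permission", ""))
    return found & WATCHED

def is_suspicious(manifest_xml):
    """Flag only the full combination; each permission alone is common."""
    return watched_permissions(manifest_xml) == WATCHED

# Constructed sample manifests (not taken from a real sample).
SAMPLE_FLAGGED = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.invite">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <application>
    <service android:name=".Listener"
      android:permission="android.permission.BIND_NOTIFICATION_LISTENER_SERVICE"/>
  </application>
</manifest>"""

SAMPLE_BENIGN = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.otp">
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
</manifest>"""

if __name__ == "__main__":
    for name, xml in (("flagged", SAMPLE_FLAGGED), ("benign", SAMPLE_BENIGN)):
        print(name, sorted(watched_permissions(xml)), is_suspicious(xml))
```

A match is a triage signal for closer review of a sideloaded APK, not a verdict, since legitimate apps can request the same permissions.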