A new piece of malware has emerged on the threat landscape. Dubbed MasterFred, it is an Android trojan that uses false login overlays to target not only Netflix, Instagram, and Twitter users, but also bank customers. The hackers’ goal is to steal credit card information.
How Does MasterFred Malware Work?
According to BleepingComputer, MasterFred stands out through some specific characteristics:
The malware is distributed to Android devices.
Some of the applications through which it propagates also bundle the HTML overlays.
These overlays display false login forms in order to steal financial data from users.
MasterFred uses the onion.ws dark web gateway, also known as a Tor2Web proxy, to deliver the stolen data to Tor network servers belonging to the operators who control the malware.
Third-party stores also appear to be delivery channels for the malware, and according to Avast researchers, one app associated with it was reportedly also found in Google Play.
We can say that at least one application was delivered via Google Play. We believe that it has been removed
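
Because the stolen data leaves the device through the onion.ws gateway, DNS or proxy logs are a practical place to look for affected devices. The following is an added example, not code from BleepingComputer or Avast: it assumes a three-field log format (timestamp, client IP, query name) and that gateway traffic appears as hostnames at or under onion.ws; the log lines and host labels are constructed.

```python
from collections import defaultdict

# Gateway suffix named in the article; extend with others your policy blocks.
GATEWAY_SUFFIXES = ("onion.ws",)

# Constructed sample DNS query log: "<timestamp> <client-ip> <query-name>"
SAMPLE_LOG = """\
2024-01-01T09:14:02Z 10.0.8.21 api.twitter.com.
2024-01-01T09:14:05Z 10.0.8.21 EXAMPLEhiddenservice.Onion.WS.
2024-01-01T09:14:09Z 10.0.8.34 notonion.ws
2024-01-01T09:15:11Z 10.0.8.34 onion.ws.cdn.example.net
2024-01-01T09:15:40Z 10.0.8.21 examplehiddenservice.onion.ws
2024-01-01T09:16:02Z 10.0.8.57 onion.ws
malformed line without enough fields
"""

def normalize(qname):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return qname.strip().rstrip(".").lower()

def is_gateway_host(qname, suffixes=GATEWAY_SUFFIXES):
    """True only for the gateway domain itself or a name beneath it.

    Matching on a label boundary avoids false positives such as
    'notonion.ws' or 'onion.ws.cdn.example.net'.
    """
    name = normalize(qname)
    return any(name == s or name.endswith("." + s) for s in suffixes)

def find_gateway_clients(log_text):
    """Map each client IP to the sorted gateway hostnames it queried."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records instead of failing
        _, client, qname = parts
        if is_gateway_host(qname):
            hits[client].add(normalize(qname))
    return {client: sorted(names) for client, names in hits.items()}

if __name__ == "__main__":
    for client, names in find_gateway_clients(SAMPLE_LOG).items():
        print(client, names)
```

A hit identifies a device worth triaging rather than a confirmed infection, since Tor2Web gateways are not used only by this malware.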