Cybersecurity News

FinStealer is a sophisticated malware campaign that targets customers of a major Indian bank through fake mobile applications. The malware, identified as Trojan.rewardsteal/joxpk, uses techniques such as XOR-based string obfuscation, WebView exploitation, and a dual command-and-control (C2) infrastructure, consisting of IP-based servers and Telegram bots, to steal banking credentials and personal information. It is distributed through a fraudulent website (motocharge[.]online) that mimics legitimate banking apps. Security researchers discovered a critical vulnerability (CVE-2011-2688) in the malware's C2 server, which allows SQL injection attacks. To mitigate the threat, experts recommend implementing advanced endpoint protection, monitoring for suspicious activity, conducting security audits, and blocking known malicious indicators.
