The FireScam Android malware, masquerading as a 'Telegram Premium' app, targeted Android devices with the potential to exfiltrate sensitive user data. It was distributed through a phishing website crafted to resemble the RuStore app store. The malware could intercept notifications to steal credentials and financial data, sending them to a Firebase database. Once installed, it requested permissions that would allow it to bypass user controls and maintain persistence on the device. This incident put user privacy and security at risk and compromised the integrity of the affected devices, leading to potential financial loss and reputational damage.
Source: https://securityaffairs.com/172656/malware/firescam-android-malware.html
TPRM report: https://scoringcyber.rankiteo.com/company/vkcompany
"id": "vkc000010825",
"linkid": "vkcompany",
"type": "Cyber Attack",
"date": "1/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'type': 'Users'}],
'attack_vector': 'Phishing, Malicious App',
'data_breach': {'data_exfiltration': 'Yes',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Credentials', 'Financial Data']},
'impact': {'brand_reputation_impact': 'Significant',
'data_compromised': ['Credentials', 'Financial Data'],
'systems_affected': ['Android Devices']},
'initial_access_broker': {'entry_point': 'Phishing Website'},
'motivation': 'Financial Gain, Data Theft',
'title': 'FireScam Android Malware Incident',
'type': 'Malware',
'vulnerability_exploited': 'User Trust in App Stores'}