
Latest news with #PlayPraetor

Morocco Top African Target in Chinese Malware Attack on 11,000 Devices Worldwide

Morocco World

4 days ago


Rabat – Cybersecurity researchers have identified Morocco as the main African target in a rapidly expanding global cybercrime operation using a sophisticated Android Remote Access Trojan (RAT) known as PlayPraetor. The large-scale campaign, orchestrated by Chinese-speaking threat actors, has infected more than 11,000 devices worldwide in under three months.

While Europe remains the primary focus, with Portugal, Spain, and France recording the highest infection rates, a report by Cleafy Threat Intelligence said Morocco is the continent's most significant hotspot. 'Accounting for 22% of total infections, the botnet's footprint in Africa is characterised by a geographically dispersed activity, with the clear exception of Morocco, which has emerged as the continent's primary hotspot,' reads the report.

The malware is spread through fraudulent Google Play Store pages and enables full real-time control of infected smartphones. Once installed, it can steal banking credentials, intercept SMS messages, capture screenshots, and even stream the victim's screen live to cybercriminals. The RAT is part of a Malware-as-a-Service (MaaS) model, which allows multiple criminal affiliates to run independent campaigns while using shared infrastructure.

Moroccan victims are believed to be targeted primarily in French and Arabic. The growing Arabic-language infections, which saw a sharp spike in late June, may signal an intensifying wave of attacks against users in Morocco and across North Africa. The malware's operators have been continuously updating its capabilities, which makes it harder to detect and block.

'A final, telling development is the sudden, sharp spike in Arabic-speaking victims in the last week, which may signal the opening of another major campaign front,' added the report. The report concluded that the campaign is growing by more than 2,000 new infections each week, and is increasingly targeting Spanish and French speakers.

Tags: Android, malware attack, Morocco

Do Not Install Apps On Your Phone If You See This Warning

Forbes

05-08-2025


Just days after the FBI warned Windows users that installing or updating Google Chrome may carry a ransomware threat, there's a similar warning for phone users. In its latest #StopRansomware advisory, the bureau says that unofficial Chrome updates can provide the initial entry for an attack. 'The fake Google Chrome browser executable functions as a remote access trojan (RAT),' which hides on a user's PC.

Now Cleafy warns that PlayPraetor — an Android RAT — is also surging, fueled by the same kind of fake downloads the FBI flagged. Developed by Chinese-speaking threat actors, this malware attacks banking apps and crypto wallets. But there's an obvious warning — the crafted web domains on the app install or update pages.

'The botnet's rapid growth,' Cleafy says, 'now exceeds 2,000 new infections per week.' It is underpinned 'by a Chinese-language Command and Control (C2) panel, which leverages a multi-tenant architecture to support a scalable affiliate model and includes automated tools for creating custom malware delivery pages.' Put more simply, that means 'impersonating legitimate Google Play Store pages to trick victims into downloading malicious applications.'

Again, this malware exploits Android's Accessibility Services, which enables it to overlay targeted apps to steal login credentials as the user interacts with the overlay.

[Image: Fake Chrome "Play Store" page. Credit: Cleafy]

'An investigation of the overlay attack payloads,' Cleafy says, 'revealed an extensive list of global targets, including nearly 200 banking apps and cryptocurrency wallets.'

While fake Play Store pages 'is a well-established tactic among cybercrime groups,' the researchers say 'the truly significant aspect of these campaigns lies in their scale.' This includes 'using more than 16,000 URLs and employing various techniques to profit from victims. This evolution marks a clear transition from a regional to a global threat.'

Staying safe is easy — don't install or update apps from outside Play Store. While Google's official app marketplace is not without its issues, these attacks rely on duplicating real download pages for well known apps to trick users. Don't install apps in this way. Ensure Play Protect is enabled on your phone. And if you ever do find yourself tempted to hit download or install on a website, check the URL. If it's anything other than then you're about to fall victim to an attack.

Cleafy warns that 'PlayPraetor represents another significant entry from Chinese-speaking threat actors into the global financial fraud landscape.' This malware, the team says, is 'a dynamic and highly relevant threat to the global financial ecosystem.'
