Researchers Discover New Charming Kitten Mobile Malware

Security researchers at IBM recently published an analysis of a new piece of Android malware spread and used by the threat actor known under the aliases Charming Kitten and APT35. IBM tracks the group as ITG18, with suspected ties to Iran, and notes that its activity overlaps significantly with what other vendors call Charming Kitten.

The malware in question is called "LittleLooter" and acts as a backdoor for Android devices. According to IBM's researchers, LittleLooter is used exclusively by ITG18, though it is also a tool with some design flaws.

The file containing the malware was found on a server associated with the suspected Iranian group. The sample was an Android application package posing as a WhatsApp installer, named "WhatsApp.apk", with the MD5 checksum "a04c2c3388da643ef67504ef8c6907fb". Note that a hash only fingerprints this particular build; a recompiled or repacked variant will not match it.

LittleLooter is a fully featured stealer. Its capabilities include recording video and audio on the infected device, uploading and exfiltrating files from the device, recording ongoing calls, enumerating installed apps, toggling Bluetooth, Wi-Fi and mobile data on and off, and reading call logs.
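The two concrete handles the report gives a defender are the sample hash above and the capability list. The following triage script is an added example, not code from IBM or from the article: it hashes a candidate APK, compares the MD5 against the published indicator (with SHA-256 recorded alongside, since MD5 is only useful as a lookup key), confirms the file has the basic structure of an APK, and looks for the Android permissions those capabilities would require. The permission-to-capability mapping is an assumption made here for illustration; the report does not publish the sample's manifest. The permission check is a heuristic string search over the binary AndroidManifest.xml string pool (UTF-16LE or UTF-8), not a full AXML parser, and the sample it builds for the demo is a constructed stand-in, not a real LittleLooter file.

```python
import hashlib
import os
import tempfile
import zipfile

# MD5 of WhatsApp.apk as published in the IBM X-Force report quoted above.
LITTLELOOTER_MD5 = "a04c2c3388da643ef67504ef8c6907fb"

# Assumed mapping from the capabilities the article lists to the Android
# permissions they would need. Illustrative only; not taken from the report.
CAPABILITY_PERMISSIONS = {
    "android.permission.RECORD_AUDIO": "record audio / calls",
    "android.permission.CAMERA": "record video",
    "android.permission.READ_CALL_LOG": "read call logs",
    "android.permission.READ_EXTERNAL_STORAGE": "exfiltrate files",
    "android.permission.BLUETOOTH_ADMIN": "toggle Bluetooth",
    "android.permission.CHANGE_WIFI_STATE": "toggle Wi-Fi",
    "android.permission.CHANGE_NETWORK_STATE": "toggle mobile data",
}


def file_hashes(path, chunk=1 << 20):
    """Stream the file once and return (md5, sha256) hex digests."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha256.update(block)
    return md5.hexdigest(), sha256.hexdigest()


def manifest_permissions(raw_manifest):
    """Heuristic: the string pool of a binary AndroidManifest.xml stores
    permission names as UTF-16LE (or UTF-8 when the pool flag says so), so a
    raw substring search finds them without decoding the AXML structure."""
    found = {}
    for perm, capability in CAPABILITY_PERMISSIONS.items():
        if perm.encode("utf-16-le") in raw_manifest or perm.encode("utf-8") in raw_manifest:
            found[perm] = capability
    return found


def triage_apk(path, known_md5=frozenset({LITTLELOOTER_MD5}), min_capabilities=3):
    """Hash the file, match it against known IOCs, and flag suspicious permission sets."""
    md5, sha256 = file_hashes(path)
    result = {"path": path, "md5": md5, "sha256": sha256,
              "ioc_match": md5 in known_md5, "is_apk": False, "permissions": {}}
    if zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as zf:
            names = set(zf.namelist())
            # An APK is a zip that carries at least a manifest and dex bytecode.
            result["is_apk"] = "AndroidManifest.xml" in names and "classes.dex" in names
            if "AndroidManifest.xml" in names:
                result["permissions"] = manifest_permissions(zf.read("AndroidManifest.xml"))
    result["suspicious"] = result["ioc_match"] or len(result["permissions"]) >= min_capabilities
    return result


def build_sample_apk(path, permissions):
    """Constructed stand-in for an APK (fake UTF-16LE manifest, dummy dex). Not a real sample."""
    body = "".join(f'<uses-permission android:name="{p}"/>' for p in permissions)
    manifest = f'<manifest package="com.whatsapp">{body}</manifest>'.encode("utf-16-le")
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", b"dex\n035\x00")


def demo():
    """Build a constructed sample and triage it twice: against the published IOC
    (no match, since the sample is fake) and against its own hash (match)."""
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "WhatsApp.apk")
        build_sample_apk(sample, ["android.permission.RECORD_AUDIO",
                                  "android.permission.CAMERA",
                                  "android.permission.READ_CALL_LOG",
                                  "android.permission.INTERNET"])
        plain = triage_apk(sample)
        matched = triage_apk(sample, known_md5=frozenset({plain["md5"]}))
    return plain, matched


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

On a real device image, point `triage_apk` at every `.apk` under the app directories; a hash match is conclusive, while the permission heuristic only ranks files for manual review, since plenty of legitimate apps request microphone, camera and call-log access.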

The researchers had previously uncovered hours of video tutorials intended to teach operators how to use an earlier version of the malware. The most recent LittleLooter sample is marked v5, while the tutorials covered v4.

For its command and control infrastructure, LittleLooter contacts a server that claims to belong to an American flower shop, of all things, and has been online since mid-2020. Traffic to the server is both compressed and AES-encrypted, so network detection has to rely on the destination rather than on inspecting the payload.

As with all similar attacks and mobile malware, IBM's researchers recommended enabling multi-factor authentication on as many devices and applications as possible. Allison Wikoff, a security researcher with IBM Security X-Force, said researchers would continue hammering home the importance of MFA until they're "blue in the face", especially because not all vendors implement it or make it mandatory for their products.

August 6, 2021