{"id":30,"date":"2025-02-04T16:47:38","date_gmt":"2025-02-04T16:47:38","guid":{"rendered":"https:\/\/infosecinsider.xyz\/?p=30"},"modified":"2025-02-04T16:47:38","modified_gmt":"2025-02-04T16:47:38","slug":"hackers-use-fake-wedding-invitations-to-spread-android-malware-in-southeast-asia","status":"publish","type":"post","link":"https:\/\/infosecinsider.xyz\/?p=30","title":{"rendered":"Hackers use fake wedding invitations to spread Android malware in Southeast Asia"},"content":{"rendered":"\n<p>Cybercriminals are using fake wedding invitations targeting users in Malaysia and Brunei to distribute a newly discovered Android malware called Tria.<\/p>\n\n\n\n<p>Since mid-2024, the attackers have been spreading the malware through private and group chats on Telegram and WhatsApp, inviting users to weddings and prompting them to install a mobile app to receive the invitation, according to a&nbsp;<a href=\"https:\/\/securelist.ru\/tria-stealer-collects-sms-data-from-android-devices\/111558\/\" target=\"_blank\" rel=\"noreferrer noopener\">report<\/a>&nbsp;published Thursday by Russian cybersecurity firm Kaspersky.<\/p>\n\n\n\n<p>Once installed, the malware steals sensitive data from SMS messages, emails, including Gmail and Outlook, call logs, and messaging apps like WhatsApp and WhatsApp Business.<\/p>\n\n\n\n<p>Researchers warn that the stolen information could be used to access online banking, reset passwords, or hijack accounts that rely on email and messaging app authentication.<\/p>\n\n\n\n<p>The primary goal of the attackers appears to be gaining full control of victims\u2019 WhatsApp and Telegram accounts, allowing them to spread malware further or send fraudulent money requests to contacts.<\/p>\n\n\n\n<p>The hackers use two Telegram bots to process stolen data \u2014 one for collecting text from instant messaging applications and emails and another for handling SMS data.<\/p>\n\n\n\n<p>While the exact number of victims remains unclear, posts on social media platforms like X and Facebook suggest the campaign has reached a number of Android users in Malaysia, according to Kaspersky.<\/p>\n\n\n\n<p>Researchers have not attributed the attack to a specific group, but evidence suggests the hackers are Indonesian-speaking.<\/p>\n\n\n\n<p>In 2023, Kaspersky uncovered a similar campaign called UdangaSteal, in which hackers stole text messages from users in Indonesia, Malaysia, and India, transmitting the data to their servers via a Telegram bot. The attackers used various tactics to trick victims into installing malicious files, including fake wedding invitations, package delivery notifications, annual tax payment reminders, and job offers.<\/p>\n\n\n\n<p>Despite the similarities, researchers note key differences between the two campaigns, including distinct malware code, varying geographic targets, and different attack tactics. While UdangaSteal has maintained a consistent focus on SMS theft, Tria has a broader reach, targeting emails and messaging apps in addition to SMS communications, researchers said.<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybercriminals are using fake wedding invitations targeting users in Malaysia and Brunei to distribute a newly discovered Android malware called Tria. Since mid-2024, the attackers have been spreading the malware through private and group chats on Telegram and WhatsApp, inviting<\/p>\n<p><a href=\"https:\/\/infosecinsider.xyz\/?p=30\" class=\"awp-btn awp-btn-secondary\">Continue Reading<span class=\"screen-reader-text\">Hackers use fake wedding invitations to spread Android malware in Southeast Asia<\/span><i class=\"fa fa-arrow-right\"><\/i><\/a><\/p>\n","protected":false},"author":1,"featured_media":31,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[],"class_list":["post-30","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybercrime"],"_links":{"self":[{"href":"https:\/\/infosecinsider.xyz\/index.php?rest_route=\/wp\/v2\/posts\/30","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/infosecinsider.xyz\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/infosecinsider.xyz\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/infosecinsider.xyz\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/infosecinsider.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=30"}],"version-history":[{"count":1,"href":"https:\/\/infosecinsider.xyz\/index.php?rest_route=\/wp\/v2\/posts\/30\/revisions"}],"predecessor-version":[{"id":32,"href":"https:\/\/infosecinsider.xyz\/index.php?rest_route=\/wp\/v2\/posts\/30\/revisions\/32"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/infosecinsider.xyz\/index.php?rest_route=\/wp\/v2\/media\/31"}],"wp:attachment":[{"href":"https:\/\/infosecinsider.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=30"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/infosecinsider.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=30"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/infosecinsider.xyz\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=30"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}