Trusted Design

Android.Bankosy: All ears on voice call-based 2FA

概要

Android.Bankosy is a Trojan horse for Android devices that steals information from the compromised device. So how does Android.Bankosy take advantage of voice-based 2FA? Once the malware is installed on the victim’s device, it opens a back door, collects a list of system-specific information, and sends it to the command and control (C&C) server to register the device and then get a unique identifier for the infected device. If the registration is successful, it uses the received unique identifier to further communicate with the C&C server and receive commands.

Created: 2026-02-23

Indicators

• URL - http://89.144.14.59/admin_v2/send -
• URL - http://195.3.144.90:6081/forms/ -
• FileHash-SHA256 - 7b7eeca21a4aee3768b41b9e194052cbb01835ae3b3503c1d635abbe1193aa5c -
• URL - http://89.144.14.29/remote/xxx -
• URL - http://185.86.148.188:2080/forms/ -
• FileHash-SHA256 - e6c1621158d37d10899018db253bf7e51113d47d5188fc363c6b5c51a606be2f -
• URL - http://185.86.148.188:2080/ -
• URL - http://xxxmobiletubez.com/video.php -
• URL - http://195.3.144.90:6081/ -
• FileHash-SHA256 - f5bc281ee071f6fb0eb8d25f414770fee67e2ea6e02afe53896a2313f6cfe373 -
• domain - xxxmobiletubez.com -

類似Pulses

• Android banking trojan as Flash Player and bypasses 2FA (score: 0.69)
• A Look Into The New Strain Of BankBot (score: 0.64)
• Banking Trojan infected dozens of Android apps worldwide (score: 0.63)
• Android banking malware masquerades as Flash Player (score: 0.63)
• Android Trojan GM Bot is evolving and targeting more than 50 banks worldwide (score: 0.61)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る