Bank customers in the Central Asia region have been targeted by a new strain of Android malware codenamed Ajina.Banker since at least November 2023, with the goal of harvesting financial information and intercepting two-factor authentication (2FA) messages.

Singapore-headquartered Group-IB, which discovered the threat in May 2024, said the malware is propagated via a network of Telegram channels set up by the threat actors under the guise of legitimate applications related to banking, payment systems, government services, or everyday utilities.

"The attacker has a network of affiliates motivated by financial gain, spreading Android banker malware that targets ordinary users," security researchers Boris Martynyuk, Pavel Naumov, and Anvar Anarkulov said.

Targets of the ongoing campaign include Armenia, Azerbaijan, Iceland, Kazakhstan, Kyrgyzstan, Pakistan, Russia, Tajikistan, Ukraine, and Uzbekistan.

There is evidence to suggest that some aspects of the Telegram-based distribution process have been automated for efficiency. The numerous Telegram accounts are designed to serve crafted messages containing links (either to other Telegram channels or to external sources) and APK files to unwitting targets.

The use of links pointing to Telegram channels that host the malicious files has an added benefit: it bypasses security measures and restrictions imposed by many community chats, thereby allowing the accounts to evade bans when…
