Search This Blog

Turkey Dog Activity Continues to use COVID Lures

Turkey Dog continues to target Turkish speakers with RAT Trojans via COVID lures.

 

A year into the pandemic, Turkey Dog-related activity is ongoing with campaigns that keep on utilizing the "free internet" lures. These current campaigns use lure pages that guarantee cash payments of thousands of Turkish Lira, implying to be attached to the Turkish government. For instance, as indicated by Google Translate, a page states, "Final Phase Pandemic Support Application - 3,000TL State Support for All Applicants!" Another highlights a picture of Turkish Minister of Health Dr. Fahrettin Koca's and guarantees 1,000 lira for "everybody applying!" 

A portion of the lure pages, use whos.amung.us scripts for tracking purposes. RiskIQ's Internet Intelligence Graph, utilizes unique identifiers associated with these scripts to associate numerous Turkey Dog domains. For example, a RiskIQ crawl of pandemidesteklerim[.]com noticed the whos.amung.us ID loaded on the page, which was seen on 431 hosts since April 26, 2020. They additionally found a Google Analytics tracking ID associated with 52 Turkey Dog domains since October 25, 2020. 

In May 2020, threat researcher BushidoToken created a blog pulling together multiple indicators, some showing up as early as April 2020, from researchers following Cerberus and Anubis activity targeting Turkish speakers. These two remote access Trojans (RATs), which follow a malware-as-a-service model, steal client credentials to access bank accounts. Profoundly beguiling, they can overlay over other applications (dynamic overlays), capture keystrokes, SMS harvest and send, call forward, and access other sensitive information across the gadget. 

RiskIQ regularly crawls malignant app circulation URLs dependent on different internal and external feeds, they can directly notice the lure pages utilized by noxious Android applications. The mobile application landscape is likely overflowing with Turkey Dog mobile applications. A quick search for blacklisted samples of one known Turkey Dog APK, "edestek.apk" yields 90 outcomes from as many unique Turkey Dog URLs. Every one of the 90 of these samples can read, receive, and send SMS messages, allowing them to circumvent SMS two-factor authentication. Large numbers of them can likewise record audio, perform full-screen overlays to introduce a bogus login page for harvesting banking credentials, and download additional software packages.

After a year, cybercriminals keep on utilizing the COVID-19 pandemic as a lure for victims. Turkey Dog activity has gone on unabated for quite a long time, likely guaranteeing a huge gathering of victims and isolating them from their banking login credentials and other sensitive information.
Share it:

COVID-19

Cyber Crime

Trojan Attacks

Turkey Dog