A new strain of the Android malware family Copybara has been active since November 2023, spreading via vishing attacks and using the MQTT protocol for C2 communication

The malware uses the Accessibility Service to gain control over infected devices and downloads phishing pages that trick victims into entering credentials, impersonating cryptocurrency exchanges and financial institutions, which are then stolen by the malware.

It is also known to mimic popular applications such as Google Chrome and IPTV services, aiming to trick users into downloading and installing malware and compromise their personal and financial information.

Some of the measures we need to take to protect ourselves from this type of attack;

• Do not click on links of unknown origin.

• Use two-factor authentication for the applications you use.

• Use necessary personal or corporate security products on your computer.

• Your system should always be kept up to date.