CYFIRMA Research- Lazarus Stealer

Update: 2025-08-29

Description

CYFIRMA research exposes Lazarus Stealer — a stealthy Android banking malware targeting Russian financial institutions.

Key Attack Vectors:

Overlay Attack: Displays fake banking login screens to steal card details & account credentials.
Silent SMS Notification Blocking: Obtains default SMS handler rights to suppress OTP alerts from the victim’s view.
Real-Time OTP Harvesting: Captures verification codes instantly to bypass multi-factor authentication.
Covert C2 Communication: Sends stolen data to attacker-controlled servers.

Link to the Research Report: https://www.cyfirma.com/research/lazarus-stealer-android-malware-for-russian-bank-credential-theft-through-overlay-and-sms-manipulation/

#AndroidMalware #BankingTrojan #OverlayAttack #SMSInterception #OTPTheft #CyberThreatIntel #MobileSecurity #CYFIRMAResearch #CYFIRMA #ETLM #ExternalThreatLandscapeManagement

https://www.cyfirma.com/

Comments

In Channel

CYFIRMA Research- APT36 Campaign Targets Indian Defense BOSS Linux system

2025-08-2903:41

CYFIRMA Research- Lazarus Stealer

2025-08-2904:17

CYFIRMA Research- Android Malware Posing as Indian Bank Apps

2025-08-2808:44

CYFIRMA Research- Raven Stealer

2025-08-1804:00

CYFIRMA Research: EdskManager RAT- Multi-Stage Malware with HVNC and Evasion Capabilities

2025-07-2505:15

CYFIRMA Research: CVE-2025-5777– Pre-Auth Memory Leak in Citrix NetScaler (CitrixBleed 2)

2025-07-2105:00

CYFIRMA Research- Octalyn Stealer Unmasked

2025-07-1804:58

CYFIRMA Research- Tracking Ransomware- June 2025

2025-07-1604:54

CYFIRMA Research- RENDERSHOCK- Weaponizing Trust in File Rendering Pipelines

2025-07-1505:58

CYFIRMA Research- GitHub Abused to Spread Malware Disguised as Free VPN

2025-07-1405:19

CYFIRMA Research- Phishing Attack: Deploying Malware on Indian Defense BOSS Linux

2025-07-0803:20

CYFIRMA Research - 12-Day War update

2025-07-0207:40

CYFIRMA Research- Odyssey Stealer

2025-06-2605:26

CYFIRMA Research- APT36 Phishing Campaign Targets Indian Defense Using Credential-Stealing Malware

2025-06-2406:36

CYFIRMA Research- Tracking Ransomware: May 2025

2025-06-1804:04

CYFIRMA Research: Understanding CyberEye RAT Builder- Capabilities and Implications

2025-06-1605:30

CYFIRMA Research: Ukraine's Attack on Russia's Strategic Air Force- Live Feed from Revolution in Military Affairs

2025-06-1308:35

CYFIRMA Research: DuplexSpy RAT- A Stealthy Windows Malware Enabling Full Remote Control and Surveillance

2025-06-1106:14

CYFIRMA Research: Firewalls and Frontlines- The India-Pakistan Cyber Battlefield Crisis

2025-06-0606:47

CYFIRMA Research- Versa Concerto: Understanding and Mitigating CVE-2025-34027

2025-06-0404:27

00:00

CYFIRMA Research- Lazarus Stealer

#box-pro-ellipsis-175673046013229{-webkit-line-clamp:2;}CYFIRMA Research- Lazarus Stealer

CYFIRMA Research- Lazarus Stealer

CYFIRMA

CYFIRMA Research- Lazarus Stealer