The email rar attachment contains an exe file: the first malware, which downloads the second. The stolen data is exfiltrated via SMTP.
CERT-India cybersecurity experts: Multiple vulnerabilities in Android OS. An attacker could obtain sensitive information and gain elevated privileges on the targeted system. Update your device now!
Android has multiple vulnerabilities which could be exploited by an attacker to obtain sensitive information and gain elevated privileges on the targeted system. The warning has been launched by the CERT-India cybersecurity experts. These vulnerabilities exist due to flaws in the Media Codecs and Media Framework components in Google Play system updates, Framework components, System components, Kernel components, Qualcomm components, Qualcomm closed-source components and MediaTek components. According the researchers, successful exploitation of the bugs could allow a cybercrime actor to execute arbitrary code and gain the control of the system affected. The producer, however, released a patch. Update your mobile devices now!