'Evil Twin' Apps Spread for Multiple Fraud Schemes
TLP: WHITE | Author: AlienVault | Created: 2024-07-17 | Modified: 2024-07-17 | 15 IOCs
HUMAN's Satori Threat Intelligence and Research team recently uncovered a massive ad fraud operation dubbed Konfety. The operators run 'evil twin' copies of 'decoy twin' apps that are published on major app marketplaces. The decoy twins on the official stores behave normally, while the evil twins, which impersonate them, conduct ad fraud, install browser extensions, monitor web searches, and sideload malicious code onto devices by abusing an ad SDK called CaramelAds. Because the fraudulent traffic is attributed to a legitimate store-listed app, this novel obfuscation method makes it look like genuine traffic.
MITRE ATT&CK & Malware Families
Malware families: Konfety
Indicators of Compromise (15)
TYPE       INDICATOR               CREATED
domain     amzuu.com               2024-07-17
domain     buisness-exchange.com   2024-07-17
domain     confbesttop.xyz         2024-07-17
domain     crypto-change.biz       2024-07-17
domain     cryptonomiconf.me       2024-07-17
domain     downappgree.com         2024-07-17
domain     jetengine.it            2024-07-17
domain     poolpush.pro            2024-07-17
domain     thild.info              2024-07-17
domain     thoungains.com          2024-07-17
domain     trymyconf.com           2024-07-17
domain     urluss.com              2024-07-17
domain     vptrackme.com           2024-07-17
hostname   api.advancedspot.com    2024-07-17
hostname   ssp.thild.info          2024-07-17
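A practical way to consume this list is to sweep DNS query logs for it. The script below is an added example, not part of the OTX pulse or of HUMAN's research; the indicator values are the ones listed above, while the dnsmasq-style log lines are constructed for illustration. It treats the two indicator types differently, which is the point worth getting right: a 'hostname' indicator matches only that exact FQDN, whereas a 'domain' indicator matches the apex and every subdomain, without false-positiving on look-alike names that merely end in the same characters (for example notamzuu.com versus amzuu.com).

```python
"""Match DNS query logs against the Konfety pulse indicators above.

Added example, not part of the OTX pulse. The indicator values are the ones
listed on this page; the log lines are constructed for illustration.
"""
import re

# Indicators from the pulse (type, value).
IOCS = [
    ("domain", "amzuu.com"),
    ("domain", "buisness-exchange.com"),
    ("domain", "confbesttop.xyz"),
    ("domain", "crypto-change.biz"),
    ("domain", "cryptonomiconf.me"),
    ("domain", "downappgree.com"),
    ("domain", "jetengine.it"),
    ("domain", "poolpush.pro"),
    ("domain", "thild.info"),
    ("domain", "thoungains.com"),
    ("domain", "trymyconf.com"),
    ("domain", "urluss.com"),
    ("domain", "vptrackme.com"),
    ("hostname", "api.advancedspot.com"),
    ("hostname", "ssp.thild.info"),
]

# Constructed sample log lines (not real traffic) in a dnsmasq-like format.
SAMPLE_LOG = """\
Jul 17 10:01:02 gw dnsmasq[812]: query[A] ssp.thild.info from 10.0.0.23
Jul 17 10:01:05 gw dnsmasq[812]: query[A] cdn.amzuu.com from 10.0.0.23
Jul 17 10:01:09 gw dnsmasq[812]: query[AAAA] www.example.com from 10.0.0.31
Jul 17 10:01:11 gw dnsmasq[812]: query[A] notamzuu.com from 10.0.0.31
Jul 17 10:01:15 gw dnsmasq[812]: query[A] advancedspot.com from 10.0.0.40
Jul 17 10:01:20 gw dnsmasq[812]: query[A] API.ADVANCEDSPOT.COM. from 10.0.0.40
"""

QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)"
)


def normalize(name):
    # Lower-case and strip a trailing dot so FQDN forms compare equal.
    return name.lower().rstrip(".")


def match_ioc(name, iocs=IOCS):
    """Return the (type, value) indicator a queried name hits, or None.

    'hostname' indicators match the exact FQDN only; 'domain' indicators
    match the apex and every subdomain, but not look-alikes such as
    notamzuu.com that merely end in the same characters.
    """
    name = normalize(name)
    best = None
    for kind, value in iocs:
        if kind == "hostname":
            if name == value:
                return (kind, value)  # exact hostname beats a domain match
        elif name == value or name.endswith("." + value):
            # Prefer the most specific (longest) domain indicator.
            if best is None or len(value) > len(best[1]):
                best = (kind, value)
    return best


def scan_log(text, iocs=IOCS):
    """Return [(client, queried name, indicator)] for every log line that hits."""
    hits = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue
        ioc = match_ioc(m.group("name"), iocs)
        if ioc:
            hits.append((m.group("client"), normalize(m.group("name")), ioc))
    return hits


if __name__ == "__main__":
    for client, name, (kind, value) in scan_log(SAMPLE_LOG):
        print(f"{client} queried {name} -> {kind} indicator {value}")
```

Note that a bare query for advancedspot.com does not fire, because the pulse lists only the api.advancedspot.com hostname, while ssp.thild.info is reported as the more specific hostname indicator even though thild.info is also listed as a domain. Adjust the regex to your resolver's log format; the matching logic is independent of it.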