FinStealer Malware Breach: Login Credentials Safety Tips

AVP SUITE

February 20,2025

6 mins


FinStealer Malware Breach: Login Credentials Safety Tips

A sophisticated malware campaign, dubbed “FinStealer,” is actively targeting customers of a leading Indian bank through fraudulent mobile applications. Security researchers at CYFIRMA have identified the malware as Trojan.rewardsteal/joxpk, which is designed to steal banking credentials and personal information from unsuspecting users.

Let’s know more about this. 

Keep reading?

 

Table of Contents!

How the Malware Operates

Security Risks and Recommendations

Staying Safe from FinStealer

How to Spot Login Credential Fraud

How to Protect Your Login Credentials

 

How the Malware Operates

The attack is being carried out through a suspicious website, motocharge[.]online, which distributes fake banking apps designed to look like legitimate ones. Once installed, the malware begins its stealthy operation, extracting sensitive user data while remaining undetected.

CYFIRMA analysts found that FinStealer is built using Kotlin and employs advanced evasion techniques, including:

  • XOR-based string obfuscation to bypass detection
  • A dual command-and-control (C2) infrastructure, using both IP-based servers (41.216.183.97) and Telegram bots
  • WebView exploitation to capture user credentials

The malware communicates with its C2 infrastructure through a Telegram bot, using the API key: 7754264825:AAEqSBGNuEbuMqnWFqN7E_SvhS5sy_IFjEE. The stolen data includes:

  • Banking credentials
  • Credit card details
  • Personal identification information

Related Read: Top 7 Tips to Safeguard Your Digital Identity Like a Pro!

Security Risks and Recommendations

Researchers also discovered a critical vulnerability (CVE-2011-2688) in the C2 server, which allows SQL injection attacks via the mysql/mysql-auth.pl script in the mod_authnz_external module.

To protect against this ongoing threat, CYFIRMA recommends:

  • Implementing advanced endpoint protection
  • Monitoring for exploit-like behavior
  • Conducting regular security audits of mobile applications
  • Blocking known malicious indicators of compromise (IOCs)

The below-mentioned YARA rule might help in identifying malware:

 

Staying Safe from FinStealer

With the campaign still active, researchers continue to monitor new variants and attack vectors. Meanwhile, users are strongly advised to download banking apps only from official sources and verify app authenticity before installation to avoid falling victim to this stealthy malware attack.

 

Read More: Malware vs. Viruses: Learn the Differences and Protection Tips

 

 

How to Spot Login Credential Fraud

Login credential fraud is a critical danger in today’s digital landscape. Cybercriminals use malware and malicious assaults to steal your login credentials, doubtlessly leading to identity theft and credit card fraud

Here are some key signs to watch for:

  • Unexpected Login Alerts: If you receive notifications from unfamiliar devices or locations, it’s a red flag.
  • Suspicious Emails or SMS: Beware of messages asking you to verify your login credentials or urging you to update your password.
  • Account Changes: Unexplained alterations in your account settings may signal a breach.

Utilize robust anti-malware solutions and mobile malware protection to guard your accounts. 

 

Can Your Device Handle A Malware Attack? 

AVP Suite stops threats before they strike, protecting data and devices from malware

Try AVP Suite for Free!

 

How to Protect Your Login Credentials

Maintaining your login credentials is crucial for safeguarding your personal data and preventing identity theft. Follow these steps to build a robust defense against malicious attacks and data breaches.

  • Create Strong, Unique Passwords:
    Use a mixture of letters, numbers, and symbols for every account. Avoid using easily comprehensible information to decrease the malware risk and malicious attacks focused on your login credentials.
  • Enable Two-Factor Authentication (2FA):
    Adding an extra layer of security ensures that even if your password is compromised, unauthorized access is prevented.
  • Utilize AVP Total Security:
    Invest in comprehensive anti-malware solutions like AVP Total Security for continuous malware protection and mobile malware protection. Its advanced features guard against both known and emerging threats.
  • Regular Software Updates:
    Keep your operating system and apps updated. Patches and updates fix vulnerabilities that hackers exploit for data breach protection.
  • Monitor Account Activity:
    Frequently review your account activities. Unexpected changes or login alerts can be early signs of a breach.
  • Secure Your Devices:
    Use anti-malicious software to secure all devices, ensuring complete cybersecurity across your digital ecosystem. This also helps prevent credit fraud and maintain personal data security.
  • Be Cautious on Public Wi-Fi:
    Avoid logging into sensitive accounts on unsecured networks. Use a secure VPN if you must access public Wi-Fi.

These proactive measures can significantly boost your identity theft protection and keep your login credentials safe. Embrace these practices for stronger data security and peace of mind in today’s digital world.

Want to know more about digital identity and login credential protection? 

Visit the AVP Suite for enhanced security!

A sophisticated malware campaign, dubbed “FinStealer,” is actively targeting customers of a leading Indian bank through fraudulent mobile applications. Security researchers at CYFIRMA have identified the malware as Trojan.rewardsteal/joxpk, which is designed to steal banking credentials and personal information from unsuspecting users.

Let’s know more about this. 

Keep reading?

How the Malware Operates

The attack is being carried out through a suspicious website, motocharge[.]online, which distributes fake banking apps designed to look like legitimate ones. Once installed, the malware begins its stealthy operation, extracting sensitive user data while remaining undetected.

CYFIRMA analysts found that FinStealer is built using Kotlin and employs advanced evasion techniques, including:

  • XOR-based string obfuscation to bypass detection
  • A dual command-and-control (C2) infrastructure, using both IP-based servers (41.216.183.97) and Telegram bots
  • WebView exploitation to capture user credentials

The malware communicates with its C2 infrastructure through a Telegram bot, using the API key: 7754264825:AAEqSBGNuEbuMqnWFqN7E_SvhS5sy_IFjEE. The stolen data includes:

  • Banking credentials
  • Credit card details
  • Personal identification information

Related Read: Top 7 Tips to Safeguard Your Digital Identity Like a Pro!

Security Risks and Recommendations

Researchers also discovered a critical vulnerability (CVE-2011-2688) in the C2 server, which allows SQL injection attacks via the mysql/mysql-auth.pl script in the mod_authnz_external module.

To protect against this ongoing threat, CYFIRMA recommends:

  • Implementing advanced endpoint protection
  • Monitoring for exploit-like behavior
  • Conducting regular security audits of mobile applications
  • Blocking known malicious indicators of compromise (IOCs)

The below-mentioned YARA rule might help in identifying malware:

YARA rule help in identifying malware

Staying Safe from FinStealer

With the campaign still active, researchers continue to monitor new variants and attack vectors. Meanwhile, users are strongly advised to download banking apps only from official sources and verify app authenticity before installation to avoid falling victim to this stealthy malware attack.

Read More: Malware vs. Viruses: Learn the Differences and Protection Tips

How to Spot Login Credential Fraud

Login credential fraud is a critical danger in today’s digital landscape. Cybercriminals use malware and malicious assaults to steal your login credentials, doubtlessly leading to identity theft and credit card fraud

Here are some key signs to watch for:

  • Unexpected Login Alerts: If you receive notifications from unfamiliar devices or locations, it’s a red flag.
  • Suspicious Emails or SMS: Beware of messages asking you to verify your login credentials or urging you to update your password.
  • Account Changes: Unexplained alterations in your account settings may signal a breach.

Utilize robust anti-malware solutions and mobile malware protection to guard your accounts.

Can Your Device Handle A Malware Attack?

AVP Suite stops threats before they strike, protecting data and devices from malware

Try AVP Suite for Free! Cta_banner_image

How to Protect Your Login Credentials

Maintaining your login credentials is crucial for safeguarding your personal data and preventing identity theft. Follow these steps to build a robust defense against malicious attacks and data breaches.

  • Create Strong, Unique Passwords:
    Use a mixture of letters, numbers, and symbols for every account. Avoid using easily comprehensible information to decrease the malware risk and malicious attacks focused on your login credentials.
  • Enable Two-Factor Authentication (2FA):
    Adding an extra layer of security ensures that even if your password is compromised, unauthorized access is prevented.
  • Utilize AVP Total Security:
    Invest in comprehensive anti-malware solutions like AVP Total Security for continuous malware protection and mobile malware protection. Its advanced features guard against both known and emerging threats.
  • Regular Software Updates:
    Keep your operating system and apps updated. Patches and updates fix vulnerabilities that hackers exploit for data breach protection.
  • Monitor Account Activity:
    Frequently review your account activities. Unexpected changes or login alerts can be early signs of a breach.
  • Secure Your Devices:
    Use anti-malicious software to secure all devices, ensuring complete cybersecurity across your digital ecosystem. This also helps prevent credit fraud and maintain personal data security.
  • Be Cautious on Public Wi-Fi:
    Avoid logging into sensitive accounts on unsecured networks. Use a secure VPN if you must access public Wi-Fi.

These proactive measures can significantly boost your identity theft protection and keep your login credentials safe. Embrace these practices for stronger data security and peace of mind in today’s digital world.

Want to know more about digital identity and login credential protection? 

Visit the AVP Suite for enhanced security!

Why Risk Your Security?

AVP Suite ensures robust malware protection 24/7

Claim Your Free Trial!

Leave a Reply

Your email address will not be published. Required fields are marked *

Table of Contents
Topics
#anti malicious software #anti-malware solutions #AVP Total Security #credit fraud protection #cybersecurity #data breach protection #digital identity #identity theft protection #login credential #malicious attacks #malware #malware protection #mobile malware protection #personal data security #ransomware #spyware

Related Posts

Antivirus vs. Anti-Malware: Which Protects You Better in 2025?
Device Security

Antivirus vs. Anti-Malware: Which Protects You Better in 2025?

February 21, 2025

Does Your iPhone Have a Virus? Learn How to Fix and Protect It
Device Security

Does Your iPhone Have a Virus? Learn How to Fix and Protect It

February 18, 2025

IoT Data Breach Exposed 2.7 Billion Records: Data Breach Prevention Tips
Cyberthreat Protection

IoT Data Breach Exposed 2.7 Billion Records: Data Breach Prevention Tips

February 14, 2025

Get the cybersecurity trends & news at AVPDaily

Important Details

Quick Links

About

Products

Features

Partner With Us

Support

© 2025 AVPSUITE LLC. All rights reserved.

  • Follow us :