The cybersecurity landscape is constantly evolving, with malicious actors developing increasingly sophisticated malware to target users’ devices. Recent advancements in Android malware have taken a concerning turn, as new threats emerge capable of stealing banking login credentials and intercepting two-factor authentication (2FA) messages.
The Ajina Menace
Group-IB’s cybersecurity analysts have identified a new Android malware dubbed “Ajina” that is actively targeting users in Central Asia, primarily Uzbekistan. This malware employs various tactics to compromise users’ devices and steal their sensitive financial information.
Ajina’s Modus Operandi
Ajina operates by mimicking legitimate applications. Once installed, it requests sensitive permissions, such as reading SMS messages and call logs, and collects device information. The malware then transmits the stolen data to command-and-control (C2) servers, encrypting it with AES/GCM.
In addition, Ajina can intercept SMS messages, including 2FA codes, providing attackers with a means to bypass account security measures.
Distribution and Targeting
Ajina is distributed through Telegram using social engineering tactics. It targets users in several Central Asian countries, including Uzbekistan, Armenia, and Kazakhstan.
Recommendations for Protection
To protect against the Ajina malware and other similar threats, users are advised to:
- Keep their devices up-to-date
- Only download apps from official sources like Google Play
- Pay attention to app permissions and deny unnecessary requests
- Avoid clicking on suspicious SMS links
- If a device is infected, disable its network access, freeze the affected bank accounts, and consult cybersecurity experts
- Implement robust security solutions that detect and prevent malware and other cyber threats
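The permission pattern described above (SMS access alongside call-log access and device information) is something a defender can check for before an app is installed or during app-store review. The following is an added example, not code from the article or from Group-IB's research: a small Python script that parses an app's AndroidManifest.xml, lists the permissions it requests, and flags requests that do not fit the app's declared purpose. The sample manifests, the category list and the "two findings means review" threshold are constructed assumptions for illustration, not a published detection rule.

```python
"""Permission triage for Android manifests (added example, constructed data)."""
import xml.etree.ElementTree as ET

# Namespace prefix that AndroidManifest.xml uses for android:name attributes.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permission groups the article associates with Ajina-style banking malware:
# SMS access (used to capture 2FA codes), call-log access and device information.
SMS_PERMISSIONS = {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"}
CALL_LOG_PERMISSIONS = {"android.permission.READ_CALL_LOG"}
DEVICE_INFO_PERMISSIONS = {"android.permission.READ_PHONE_STATE"}

# App categories for which SMS access is plausibly part of the core function.
# This list, like the thresholds below, is an assumption of this example.
SMS_JUSTIFIED_CATEGORIES = {"messaging", "telephony"}


def requested_permissions(manifest_xml: str) -> set[str]:
    """Return every <uses-permission android:name="..."/> value in the manifest."""
    root = ET.fromstring(manifest_xml)
    return {
        elem.get(ANDROID_NS + "name")
        for elem in root.iter("uses-permission")
        if elem.get(ANDROID_NS + "name")
    }


def triage(manifest_xml: str, category: str) -> dict:
    """Flag permission requests that do not fit the app's declared category.

    Verdict is "review" when at least two independent findings stack up,
    otherwise "ok". Both the findings and the threshold are heuristics.
    """
    perms = requested_permissions(manifest_xml)
    findings = []
    wants_sms = bool(perms & SMS_PERMISSIONS)
    wants_call_log = bool(perms & CALL_LOG_PERMISSIONS)

    if wants_sms and category not in SMS_JUSTIFIED_CATEGORIES:
        findings.append(f"SMS access is not needed by a '{category}' app")
    if wants_sms and wants_call_log:
        findings.append("SMS and call-log access requested together")
    if perms & DEVICE_INFO_PERMISSIONS:
        findings.append("device identifiers requested (READ_PHONE_STATE)")

    verdict = "review" if len(findings) >= 2 else "ok"
    return {"permissions": sorted(perms), "findings": findings, "verdict": verdict}


def _manifest(*permissions: str) -> str:
    """Build a minimal constructed manifest requesting the given permissions."""
    uses = "\n".join(f'  <uses-permission android:name="{p}"/>' for p in permissions)
    return (
        '<manifest xmlns:android="http://schemas.android.com/apk/res/android"\n'
        '  package="com.example.constructed">\n'
        f"{uses}\n"
        "</manifest>\n"
    )


# Constructed sample manifests (not real apps).
SUSPECT_MANIFEST = _manifest(          # a "flashlight"-style utility asking for far too much
    "android.permission.INTERNET",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_PHONE_STATE",
)
MESSAGING_MANIFEST = _manifest(        # an SMS client, where SMS access is expected
    "android.permission.INTERNET",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
)
BENIGN_MANIFEST = _manifest("android.permission.INTERNET")  # a notes app


if __name__ == "__main__":
    for label, xml, category in [
        ("suspect utility", SUSPECT_MANIFEST, "utility"),
        ("messaging app", MESSAGING_MANIFEST, "messaging"),
        ("notes app", BENIGN_MANIFEST, "productivity"),
    ]:
        result = triage(xml, category)
        print(f"{label}: {result['verdict']}")
        for finding in result["findings"]:
            print(f"  - {finding}")
```

The point of passing the app's category is that the same permission (READ_SMS) is expected in an SMS client and suspicious in a utility app; a manifest check that ignores context produces too many false positives to be useful. The constructed "suspect utility" manifest trips all three findings, while the messaging and notes apps produce none.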
Conclusion
The emergence of malware like Ajina highlights the ongoing threat posed by cybercriminals. By staying vigilant and following security best practices, users can protect their devices and financial security.