HenBox: The Chickens Come Home to Roost (Mar 13, 2018)
A new Android malware family, dubbed "HenBox," has been discovered by Unit 42 researchers. The malware appears to primarily target Muslims living in the "Xinjiang Uygur Autonomous Region" in Northwest China. The malware is being delivered via trojanised versions of VPN and Android system APKs applications located on third-party application stores. HenBox steals information from multiple applications including chat, communication, social media apps.
Recommendation: Mobile applications should only be downloaded from official locations such as the Google Play Store and the Apple App Store. Websites and documents that request additional software is needed in order to access, or properly view content should be properly avoided. Additionally, mobile security applications provided from trusted vendors are recommended.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.