You might like
BTMOB is one of the Android banking trojans responsible for significant financial losses to Brazil’s banking sector by enabling fraudulent PIX transactions.
1/ Found an Android BroadcastReceiver (adapter.differentiator.decoder.alarme) that listens for a custom action and spawns a background thread to restart hidden services. Behavior: receives MY_CUSTOM_ACTION ➡️ spawns thread ➡️ conditionally starts two obfuscated services A…
🇧🇷BTMOB custom module: sets up OkHttp WebSocket C2, pings/redirects C2, then executes JSON-driven ops: screen stream/control, mic capture, file search/move/upload (chunked b64 + ZIP), browser/notification/lock overlays, call-forwarding, local proxy, terminal shell, and injection…
![Merlax_'s tweet image. #Malware #Android - BTMOB 🧑🎄
Apuntando a Brasil 🇧🇷🎯
Site
hxxps://191[.]101[.]131[.]165/magia-cristalina/
C2
hxxp://209[.]50[.]227.162/yaarsa/private/yarsap_80541.php
209[.]50[.]227[.]162:8080](https://pbs.twimg.com/media/G202U27WsAAw9L0.png)
![Merlax_'s tweet image. #Malware #Android - BTMOB 🧑🎄
Apuntando a Brasil 🇧🇷🎯
Site
hxxps://191[.]101[.]131[.]165/magia-cristalina/
C2
hxxp://209[.]50[.]227.162/yaarsa/private/yarsap_80541.php
209[.]50[.]227[.]162:8080](https://pbs.twimg.com/media/G202YdTWMAAaKS2.png)
![Merlax_'s tweet image. #Malware #Android - BTMOB 🧑🎄
Apuntando a Brasil 🇧🇷🎯
Site
hxxps://191[.]101[.]131[.]165/magia-cristalina/
C2
hxxp://209[.]50[.]227.162/yaarsa/private/yarsap_80541.php
209[.]50[.]227[.]162:8080](https://pbs.twimg.com/media/G204vGWWkAAMTi5.png)
![Merlax_'s tweet image. #Malware #Android - BTMOB 🧑🎄
Apuntando a Brasil 🇧🇷🎯
Site
hxxps://191[.]101[.]131[.]165/magia-cristalina/
C2
hxxp://209[.]50[.]227.162/yaarsa/private/yarsap_80541.php
209[.]50[.]227[.]162:8080](https://pbs.twimg.com/media/G204zFJXMAArMDc.png)
Another Brazilian #Magecart observed: first GTM (dropper) spawns a second GTM (maps dataLayer: products, InitiateCheckout, Purchase) then a typo-squatted CDN loads a skimmer that hooks payment inputs for exfiltration. #CTI #LATAM
POST /api/event?event=pwaOpen HTTP/2 Host: nubanktrading[.]site Cookie: piuiding6cq=xxxxxxxxxxxxxxxx; pcpn4bdt0w=pwa; pwaid5n52de=xxxxxxxxx; splitidfnp8kv=-1; fpvdate1uehvj=2025-10-06; sdata6yo0lp=xxxxxxxxxxxxxxxx Origin: https://nubanktrading[.]site Referer:…
![SwitchToThread's tweet image. POST /api/event?event=pwaOpen HTTP/2
Host: nubanktrading[.]site
Cookie: piuiding6cq=xxxxxxxxxxxxxxxx; pcpn4bdt0w=pwa; pwaid5n52de=xxxxxxxxx; splitidfnp8kv=-1; fpvdate1uehvj=2025-10-06; sdata6yo0lp=xxxxxxxxxxxxxxxx
Origin: https://nubanktrading[.]site
Referer:…](https://pbs.twimg.com/media/G2nPCqTWIAAjoae.jpg)
🇧🇷 #phishing Nubank atendimentonubank[.]site avalaianubank[.]site checkout-nubank[.]online comprovantenubank[.]online indeniza-nubank[.]site indenizacaonubank[.]site indenizacaonubankoficial[.]online indenizanubank[.]online indenizanubank[.]shop indenizanubank[.]site…
![SwitchToThread's tweet image. 🇧🇷 #phishing Nubank
atendimentonubank[.]site
avalaianubank[.]site
checkout-nubank[.]online
comprovantenubank[.]online
indeniza-nubank[.]site
indenizacaonubank[.]site
indenizacaonubankoficial[.]online
indenizanubank[.]online
indenizanubank[.]shop
indenizanubank[.]site…](https://pbs.twimg.com/media/G2nIZhjWsAAI6fj.jpg)
🇧🇷 #phishing Nubank atendimentonubank[.]site avalaianubank[.]site checkout-nubank[.]online comprovantenubank[.]online indeniza-nubank[.]site indenizacaonubank[.]site indenizacaonubankoficial[.]online indenizanubank[.]online indenizanubank[.]shop indenizanubank[.]site…
🇧🇷Scammers are impersonating Serasa and asking victims to make a PIX payment to “clear their name.” ▶️Destination { "type": "dynamic", "merchantCategoryCode": "0000", "transactionCurrency": 986, "countryCode": "BR", "merchantName": "AGILE LTDA", "merchantCity":…
🇧🇷 #phishing Uma nova e sofisticada campanha de phishing está circulando na internet, utilizando a marca e o prestígio de um marketplace famoso para enganar usuários com a promessa de um cartão de crédito nível “gold” com limite pré-aprovado de R$ 4.700,00 e zero anuidade. O…
United States Trends
- 1. #VSFashionShow 167K posts
- 2. quen 12.7K posts
- 3. #KaneAI N/A
- 4. madison 39K posts
- 5. jihyo 81.4K posts
- 6. #VictoriasSecretFashionShow 1,882 posts
- 7. Karol G 23.9K posts
- 8. tzuyu 73.1K posts
- 9. Nancy 109K posts
- 10. #youtubedown 1,276 posts
- 11. BELLA HADID 8,791 posts
- 12. Angel Reese 13.3K posts
- 13. #ARWINGS 3,719 posts
- 14. Birdman 2,298 posts
- 15. Argentina 462K posts
- 16. Supreme Court 142K posts
- 17. Anok 5,640 posts
- 18. Jasmine Tookes 4,517 posts
- 19. Waddle 6,004 posts
- 20. UTEP 2,535 posts
You might like
-
Alexandre Borges
@ale_sp_brazil -
Arkbird
@Arkbird_SOLG -
Joe Security
@joe4security -
Dee
@ViriBack -
Pavel Yosifovich
@zodiacon -
Frost
@fr0s7_ -
neonprimetime
@neonprimetime -
Ring3API 🇺🇦
@ntlmrelay -
avman
@avman1995 -
Joe Roosen
@JRoosen -
JAMESWT
@JAMESWT_WT -
Frank Boldewin
@r3c0nst -
Sinaei
@Intel80x86 -
Artsiom Holub
@Mesiagh -
marc ochsenmeier
@ochsenmeier
Something went wrong.
Something went wrong.