Date: 2024-05-01

Chinese cybersecurity firm QAX XLab has uncovered a new Android trojan named Wpeeper, notable for hiding its true command-and-control (C&C) server behind compromised WordPress sites as part of a multi-level C&C infrastructure. Its functionality is typical of a trojan, including information collection and file management, but Wpeeper also encrypts its commands, uses HTTPS for communication, and employs elliptic curve signatures to prevent takeover. The trojan was uploaded to VirusTotal on April 17 and ceased activity on April 22 after receiving a command to delete itself. QAX XLab identified dozens of C&C domains associated with the threat, which was distributed via repackaged applications in the UPtodown Store. The threat actor's sudden halt in activity suggests a pause while waiting for the downloader to gain popularity; even so, Wpeeper likely infected thousands of devices before disappearing. Its use of compromised WordPress sites to hide the true C&C server, together with its other sophisticated mechanisms, indicates professional proficiency.

Read more: https://www.securityweek.com/wpeeper-android-trojan-uses-compromised-wordpress-sites-to-shield-command-and-control-server/