Ajina Android Malware - #Ajina
Ajina.Banker is a new Android malware that has been actively targeting bank customers in Central Asia since November 2023, with over 1,400 unique variants identified. The malware masquerades as legitimate apps, distributed primarily through Telegram channels, to steal banking information and intercept two-factor authentication codes. It operates on an affiliate program model, with core groups managing infrastructure and affiliates handling distribution. The malware can steal phone numbers, bank card details, SIM card information, and SMS messages, indicating a well-coordinated effort by the threat actors. The malware's sophistication and evolving functionalities underscore the importance of increased vigilance, using security software, and employing Endpoint Detection and Response platforms to protect against such threats. Experts recommend caution when downloading apps from unofficial sources and staying informed about mobile security best practices. The campaign, initially focused on Central Asia, is now spreading to neighboring countries, highlighting the broad and persistent nature of this threat.