黑客伪造 Google Play 商店页面，针对巴西用户实施加密货币挖矿与钱包劫持攻击

GateNews

Security Incidents

Source: techflowpost

2026-03-22 11:16:18

Gate News 消息，3 月 22 日，据 SecureList 披露，黑客近期通过仿冒 Google Play 商店的钓鱼页面，在巴西发起 Android 恶意软件攻击活动。目前所有已知受害者均位于巴西。

攻击者搭建了与 Google Play 高度相似的钓鱼网站，诱导用户下载名为"INSS Reembolso"的伪造应用。该应用安装后，将分阶段释放隐藏恶意代码，并直接加载至内存运行，设备上不留可见文件，具有较强的隐蔽性。

恶意软件的核心功能之一为加密货币挖矿，内置针对 ARM 设备编译的 XMRig 挖矿程序，可在后台静默连接攻击者控制的挖矿服务器。该程序会监控电池电量、温度及设备使用状态，动态调整挖矿行为以规避检测，并通过循环播放静音音频文件绕过 Android 系统的后台进程管理机制。

部分变种还内置银行木马，可在某 CEX 和某钱包的 USDT 转账界面叠加伪造页面，静默替换收款地址。此外，恶意软件支持录音、截屏、键盘记录及远程锁机等多项远程控制指令。

Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to Disclaimer.

Commento

0/400

Nessun commento