DocSwap Malware Masquerades as Security Document Viewer to Target Android Users Globally – Active IOCs
Severity
High
Analysis Summary
DocSwap is a newly discovered Android malware campaign that disguises itself as a legitimate document security and viewing application. It primarily spreads through phishing emails and compromised websites, tricking users into installing what appears to be a productivity tool. Once installed, the malware requests excessive permissions, including access to contacts, storage, and SMS, allowing it to exfiltrate sensitive data.
Security analysts have observed a rapid increase in infections across Asia, Europe, and North America over the past three weeks.
According to the researcher, this malware employs advanced evasion techniques, including obfuscation and a delayed payload decryption mechanism, to bypass sandbox analysis and security detection. Its core functionality relies on a native library that exfiltrates …
IoC
SHA-256: bf134495142d704f9009a7d325fb9546db407971ade224e3718a84254e9ff03e
MD5: 3ccfe58b8e0b5ca96cac4e9394567515
SHA-1: 643ecf86671b5f9fd5793a9316b013b3914618d4
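The following triage script is an added example written for this page; it is not code from the advisory or from the researcher cited in it. It hashes a file with the three algorithms used in the IoC list above, checks the digests against the published DocSwap hashes, and separately flags the permission combination the summary describes (contacts, SMS and storage together) in a decoded AndroidManifest.xml. The sample bytes and the sample manifest are constructed for illustration, and the script assumes the manifest has already been decoded to plain XML (an APK's manifest is binary-encoded and must be decoded first, for example with apktool); the permission names are the standard Android ones.

```python
import hashlib
import re

# Hashes copied from the advisory's IoC list above.
DOCSWAP_IOCS = {
    "sha256": {"bf134495142d704f9009a7d325fb9546db407971ade224e3718a84254e9ff03e"},
    "sha1": {"643ecf86671b5f9fd5793a9316b013b3914618d4"},
    "md5": {"3ccfe58b8e0b5ca96cac4e9394567515"},
}

# Standard Android permissions grouped into the three categories the advisory
# names; a document viewer rarely needs all three categories at once.
PERMISSION_CATEGORIES = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "sms",
    "android.permission.RECEIVE_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "storage",
}

# Constructed sample manifest (decoded XML, not a real DocSwap sample).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.docviewer">
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <uses-permission android:name="android.permission.READ_SMS" />
    <uses-permission android:name="android.permission.RECEIVE_SMS" />
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE" />
</manifest>
"""

_USES_PERM = re.compile(r'<uses-permission[^>]*android:name="([^"]+)"')


def digests(data: bytes) -> dict:
    """Return MD5, SHA-1 and SHA-256 hex digests of the given bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def ioc_matches(found: dict, iocs: dict = DOCSWAP_IOCS) -> list:
    """Names of the algorithms whose digest appears in the IoC set."""
    return [algo for algo, value in found.items()
            if value.lower() in iocs.get(algo, set())]


def requested_permissions(manifest_xml: str) -> set:
    """Permission names declared via <uses-permission> in decoded manifest XML."""
    return set(_USES_PERM.findall(manifest_xml))


def suspicious_categories(permissions: set) -> set:
    """Map requested permissions onto the advisory's contacts/sms/storage buckets."""
    return {PERMISSION_CATEGORIES[p] for p in permissions if p in PERMISSION_CATEGORIES}


def triage(data: bytes, manifest_xml: str) -> dict:
    """Combine the hash check (conclusive) with the permission heuristic (advisory)."""
    found = digests(data)
    hits = ioc_matches(found)
    categories = suspicious_categories(requested_permissions(manifest_xml))
    if hits:
        verdict = "known-docswap"          # exact IoC hit
    elif categories == {"contacts", "sms", "storage"}:
        verdict = "suspicious-permissions"  # the combination the advisory describes
    else:
        verdict = "no-indicator"
    return {
        "digests": found,
        "ioc_hits": hits,
        "permission_categories": sorted(categories),
        "verdict": verdict,
    }


if __name__ == "__main__":
    # Constructed input; a real run would read the APK bytes and its decoded manifest.
    sample = b"constructed sample bytes, not a real APK"
    print(triage(sample, SAMPLE_MANIFEST))
```

The hash check is the only conclusive signal here; the permission heuristic is meant to surface candidates for analyst review, since legitimate apps can legitimately request the same set. Extend `DOCSWAP_IOCS` as further hashes are published rather than hard-coding them elsewhere.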