ET MOBILE_MALWARE Android/Xnore Fake Facebook Login Credentials Collected
Sourceet/open
Fileemerging-mobile_malware.rules
CreatedFebruary 13, 2019
UpdatedMay 1, 2024
Classificationtrojan-activity
alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"ET MOBILE_MALWARE Android/Xnore Fake Facebook Login Credentials Collected"; flow:established,to_server ; http.method; content:"POST"; http.header; content:"xnore.com"; http.user_agent; content:"|20|Android|20|"; http.request_body; content:"app_id="; startswith; fast_pattern; content:"&cemail="; distance:0; content:"&cpass="; distance:0; http.header_names; to_lowercase; content:"|0d 0a|origin|0d 0a|"; content:"|0d 0a|referer|0d 0a|"; classtype:trojan-activity; sid:2026907; rev:4; metadata:affected_product Android, attack_target Mobile_Client, created_at 2019_02_13, deployment Perimeter, malware_family Xnore, performance_impact Low, confidence High, signature_severity Major, tag Spyware, updated_at 2024_05_01;)
Metadata
affected productAndroid
attack targetMobile_Client
created at2019_02_13
deploymentPerimeter
malware familyXnore
performance impactLow
confidenceHigh
signature severityMajor
tagSpyware
updated at2024_05_01
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!