Researchers have spotted Triangulum, a previously known threat actor making a comeback with new Android malware that is now being sold on dark web hacking forums.
With malware evolving every day, we’re bound to come across new attack vectors and new types. In the latest, researchers from Checkpoint have discovered a new type of Android malware being spread on the dark web by a threat actor dubbed Triangulum.
Alleged to be a 25-year-old Indian man, he seems skilled in mathematics and a few details about his personal life are also known through his profile on dark web forums.
Delving into his malware, the very first one was in 2017, a remote administration tool for Android which could collect data from the victim’s smartphone and transmit it to a C2 server along with having the ability to destroy not only user data but the entire operating system in itself:
Soon, this product was offered for sale in the October of 2017 but shortly afterward as the researchers point out, he disappeared with no activity on the forums. Yet, in April 2019, he came back, this time offering 4 products for sale in a span of half a year.
These 4 products being developed and made available for sale in such a short time period is what made the researcher suspicious as it is not possible for an individual alone to do so. Investigating, it was found that he was collaborating with another actor named HeXaGoN Dev with w ..