BADSIGNAL

Description

(Volexity) In contrast to BadBazaar and BADSOLAR, BADSIGNAL does not download a second-stage payload. Instead, all capabilities are included in the main APK. The malicious code is loaded by extending the legitimate PassPhraseRequiredActivity class in org.thoughtcrime.securesms.MainActivity. BADSIGNAL uses a REST API on port 4432 as part of its C2 communication.

Names

Name
BADSIGNAL

Type

Backdoor

Information

https://www.volexity.com/blog/2023/09/22/evilbamboo-targets-mobile-devices-in-multi-year-campaign/

Other Information

Uuid

1e783cb4-16b4-468c-bc02-a08f79196e1a

Last Card Change

2023-10-12

Threat Intelligence Garden

Explorer

BADSIGNAL

BADSIGNAL

Description

Names

Category

Type

Information

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks