Catelites Bot

Description

(Avast) Now, the Avast Threat Labs team have uncovered and analyzed with SfyLabs a new version of the malware, dubbed Catelites Bot, which shares similarities with the malware used for CronBot.

While we are still investigating the details of this malware, here is what we know: this malware gets “dropped” onto your device after you download an app from a third-party app store (not official shops like Google Play) or from malicious adware (malvertisements) or phishing sites. Once dropped onto your Android device, the malicious app looks like the icon seen in the screen below and is titled “System Application.”

Worse still, this piece of malware can also go after your bank account login details. This malware has the ability to pose as over 2,200 banks and financial institutions. It does so by adopting the logo and mobile application name of a bank used in the Google Play Store, allowing the author to use simple templates to harvest username and password or credit card information. The overlay is HTML-based and not as sophisticated as other Android banking malware such as LokiBot, Red Alert, or ExoBot, but the power here is clearly in the shotgun approach: using simple phishing overlay screens, the criminals are able to target many more users, increasing their likelihood of financial gain.

Names

Name
Catelites Bot
Catelites

Type

Banking trojan

Information

https://blog.avast.com/new-version-of-mobile-malware-catelites-possibly-linked-to-cron-cyber-gang

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/apk.catelites

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:Catelites

Other Information

Uuid

7792fc81-4715-436d-8eab-ccc560958972

Last Card Change

2022-12-28

Threat Intelligence Garden

Explorer

Catelites Bot

Catelites Bot

Description

Names

Category

Type

Information

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks