SYMBOLCOMMON_NAMEaka. SYNONYMS
apk.coper (Back to overview)

Coper

aka: ExobotCompact, Octo

Coper is a descendant of ExoBotCompat, which was a rewritten version of Exobot.
Malicious Coper apps have a modular architecture and a multi-stage infection mechanism. Coper has originally been spotted in Colombia but has since emerged in Europa as well.

References
2023-02-08K7 SecurityBaran S
@online{s:20230208:play:9995a29, author = {Baran S}, title = {{Play Store App Serves Coper Via GitHub}}, date = {2023-02-08}, organization = {K7 Security}, url = {https://labs.k7computing.com/index.php/play-store-app-serves-coper-via-github/}, language = {English}, urldate = {2023-05-21} } Play Store App Serves Coper Via GitHub
Coper
2022-11-25ResecurityResecurity
@online{resecurity:20221125:in:8e040c2, author = {Resecurity}, title = {{"In The Box" - Mobile Malware Webinjects Marketplace}}, date = {2022-11-25}, organization = {Resecurity}, url = {https://resecurity.com/blog/article/in-the-box-mobile-malware-webinjects-marketplace}, language = {English}, urldate = {2022-12-07} } "In The Box" - Mobile Malware Webinjects Marketplace
Alien Cerberus Coper ERMAC Hydra
2022-07-29Trend MicroTrend Micro Mobile Team
@online{team:20220729:examining:6d98af2, author = {Trend Micro Mobile Team}, title = {{Examining New DawDropper Banking Dropper and DaaS on the Dark Web}}, date = {2022-07-29}, organization = {Trend Micro}, url = {https://www.trendmicro.com/en_us/research/22/g/examining-new-dawdropper-banking-dropper-and-daas-on-the-dark-we.html}, language = {English}, urldate = {2022-08-12} } Examining New DawDropper Banking Dropper and DaaS on the Dark Web
Coper DawDropper
2022-07-19Cert-AgIDCert-AgID
@online{certagid:20220719:analysis:ab762a7, author = {Cert-AgID}, title = {{Analysis and technical insights on the Coper malware used to attack mobile devices}}, date = {2022-07-19}, organization = {Cert-AgID}, url = {https://cert-agid.gov.it/news/analisi-e-approfondimenti-tecnici-sul-malware-coper-utilizzato-per-attaccare-dispositivi-mobili/}, language = {Italian}, urldate = {2022-07-25} } Analysis and technical insights on the Coper malware used to attack mobile devices
Coper
2022-06-28Twitter (@_icebre4ker_)Fr4
@online{fr4:20220628:revive:7582d22, author = {Fr4}, title = {{Revive and Coper are using similar phishing template and app}}, date = {2022-06-28}, organization = {Twitter (@_icebre4ker_)}, url = {https://twitter.com/_icebre4ker_/status/1541875982684094465}, language = {English}, urldate = {2022-06-29} } Revive and Coper are using similar phishing template and app
Coper
2022-04-09Bleeping ComputerBill Toulas
@online{toulas:20220409:new:e5e0f1d, author = {Bill Toulas}, title = {{New Android banking malware remotely takes control of your device}}, date = {2022-04-09}, organization = {Bleeping Computer}, url = {https://www.bleepingcomputer.com/news/security/new-android-banking-malware-remotely-takes-control-of-your-device/}, language = {English}, urldate = {2022-06-09} } New Android banking malware remotely takes control of your device
Coper ExoBot
2022-04-08ThreatFabricThreatFabric
@online{threatfabric:20220408:look:2387c96, author = {ThreatFabric}, title = {{Look out for Octo's tentacles! A new on-device fraud Android Banking Trojan with a rich legacy}}, date = {2022-04-08}, organization = {ThreatFabric}, url = {https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html}, language = {English}, urldate = {2022-06-09} } Look out for Octo's tentacles! A new on-device fraud Android Banking Trojan with a rich legacy
Coper ExoBot
2022-04-07The Hacker NewsRavie Lakshmanan
@online{lakshmanan:20220407:new:1ec9392, author = {Ravie Lakshmanan}, title = {{New Octo Banking Trojan Spreading via Fake Apps on Google Play Store}}, date = {2022-04-07}, organization = {The Hacker News}, url = {https://thehackernews.com/2022/04/new-octo-banking-trojan-spreading-via.html}, language = {English}, urldate = {2022-04-12} } New Octo Banking Trojan Spreading via Fake Apps on Google Play Store
Coper
2022-03-24CybleincCyble
@online{cyble:20220324:coper:2c91f35, author = {Cyble}, title = {{Coper Banking Trojan: Android Malware Posing As Google Play Store App Installer}}, date = {2022-03-24}, organization = {Cybleinc}, url = {https://blog.cyble.com/2022/03/24/coper-banking-trojan/}, language = {English}, urldate = {2022-03-25} } Coper Banking Trojan: Android Malware Posing As Google Play Store App Installer
Coper ExoBot
2021-12-31CERT.PLMarcin Dudek, Michał Praszmo
@online{dudek:20211231:iko:bd137c3, author = {Marcin Dudek and Michał Praszmo}, title = {{IKO activation - Malware campaign}}, date = {2021-12-31}, organization = {CERT.PL}, url = {https://cert.pl/posts/2021/12/aktywacja-aplikacji-iko/}, language = {Polish}, urldate = {2022-01-05} } IKO activation - Malware campaign
Coper
2021-07-21Doctor Web@m0br3v
@online{m0br3v:20210721:copera:edaa852, author = {@m0br3v}, title = {{The Coper―a new Android banking trojan targeting Colombian users}}, date = {2021-07-21}, organization = {Doctor Web}, url = {https://news.drweb.com/show/?p=0&lng=en&i=14259&c=0}, language = {English}, urldate = {2021-07-22} } The Coper―a new Android banking trojan targeting Colombian users
Coper

There is no Yara-Signature yet.