SYMBOLCOMMON_NAMEaka. SYNONYMS
apk.coper (Back to overview)

Coper

aka: ExobotCompact, Octo

Coper is a descendant of ExoBotCompat, which was a rewritten version of Exobot.
Malicious Coper apps have a modular architecture and a multi-stage infection mechanism. Coper has originally been spotted in Colombia but has since emerged in Europa as well.

References
2022-04-08ThreatFabricThreatFabric
@online{threatfabric:20220408:look:2387c96, author = {ThreatFabric}, title = {{Look out for Octo's tentacles! A new on-device fraud Android Banking Trojan with a rich legacy}}, date = {2022-04-08}, organization = {ThreatFabric}, url = {https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html}, language = {English}, urldate = {2022-04-08} } Look out for Octo's tentacles! A new on-device fraud Android Banking Trojan with a rich legacy
Coper
2022-04-07The Hacker NewsRavie Lakshmanan
@online{lakshmanan:20220407:new:1ec9392, author = {Ravie Lakshmanan}, title = {{New Octo Banking Trojan Spreading via Fake Apps on Google Play Store}}, date = {2022-04-07}, organization = {The Hacker News}, url = {https://thehackernews.com/2022/04/new-octo-banking-trojan-spreading-via.html}, language = {English}, urldate = {2022-04-12} } New Octo Banking Trojan Spreading via Fake Apps on Google Play Store
Coper
2022-03-24CybleincCyble
@online{cyble:20220324:coper:2c91f35, author = {Cyble}, title = {{Coper Banking Trojan: Android Malware Posing As Google Play Store App Installer}}, date = {2022-03-24}, organization = {Cybleinc}, url = {https://blog.cyble.com/2022/03/24/coper-banking-trojan/}, language = {English}, urldate = {2022-03-25} } Coper Banking Trojan: Android Malware Posing As Google Play Store App Installer
Coper ExoBot
2021-12-31CERT.PLMarcin Dudek, Michał Praszmo
@online{dudek:20211231:iko:bd137c3, author = {Marcin Dudek and Michał Praszmo}, title = {{IKO activation - Malware campaign}}, date = {2021-12-31}, organization = {CERT.PL}, url = {https://cert.pl/posts/2021/12/aktywacja-aplikacji-iko/}, language = {Polish}, urldate = {2022-01-05} } IKO activation - Malware campaign
Coper
2021-07-21Doctor Web@m0br3v
@online{m0br3v:20210721:copera:edaa852, author = {@m0br3v}, title = {{The Coper―a new Android banking trojan targeting Colombian users}}, date = {2021-07-21}, organization = {Doctor Web}, url = {https://news.drweb.com/show/?p=0&lng=en&i=14259&c=0}, language = {English}, urldate = {2021-07-22} } The Coper―a new Android banking trojan targeting Colombian users
Coper

There is no Yara-Signature yet.