2025-04-01 • ANY.RUN • Adhikara Open article on Malpedia
# Tool/Technique: Salvador Stealer
## Overview
Salvador Stealer is a novel piece of Android malware specifically designed to steal sensitive banking details and One-Time Passwords (OTPs) from infected mobile devices.
## Technical Details
- Type: Malware family (Android Stealer)
- Platform: Android
- Capabilities: Phishing for banking credentials, stealing OTPs, exfiltrating data.
- First Seen: Not stated in the source; reported on 2025-04-01.
## MITRE ATT&CK Mapping
*Note: Technique IDs are not given in the source; the mappings below are inferred from the described functionality.*
- Tactic: Collection
- Technique Name: Input Capture
- Sub-technique if applicable: (Inferred: Overlaying legitimate apps to capture input)
- Tactic: Exfiltration
- Technique Name: Exfiltration Over C2 Channel
## Functionality
### Core Capabilities
- Phishing user input on banking applications.
- Stealing sensitive authentication data, including usernames, passwords, and credit card information.
- Capturing One-Time Passwords (OTPs) received via SMS or other authentication prompts.
### Advanced Features
- No advanced features are detailed in the source; the primary focus is credential harvesting.
## Indicators of Compromise
- File Hashes: [Not provided]
- File Names: [Not provided]
- Registry Keys: [Not applicable on Android]
- Network Indicators: [Not provided]
- Behavioral Indicators: Displaying overlays mimicking legitimate financial applications; requesting SMS read permissions; attempting to exfiltrate collected data.
## Associated Threat Actors
- No associated threat actors are named in the source.
## Detection Methods
- Signature-based detection: Requires a signature for the specific malware package or code; none is provided in the source.
- Behavioral detection: Monitoring applications that request excessive permissions (e.g., accessibility services, SMS access) and display deceptive UI elements over legitimate apps.
- YARA rules: Not provided.
## Mitigation Strategies
- Prevention measures: Avoiding installation of applications from untrusted sources outside of official app stores.
- Hardening recommendations: Regularly reviewing application permissions and disabling unnecessary services. Maintaining up-to-date Android security patches.
## Related Tools/Techniques
- Other Android stealer malware families (e.g., FluBot, Cerberus).