: Deploys overlay screens over legitimate banking or social media apps to steal login details. Indicators of Compromise (IOCs) Filename : sc23901-SMS.rar
: "Package Delivery," "Action Required," "Verify Identity." Recommended Actions sc23901-SMS.rar
: Connection to unrecognized IP addresses (often hosted on VPS providers like DigitalOcean or Linode) immediately after extraction. : Deploys overlay screens over legitimate banking or
: The archive typically contains an executable ( .exe ), a script ( .js , .vbs ), or an Android application package ( .apk ). In recent campaigns, similar naming conventions have been linked to SpyLoan or SMS Stealer malware families. Execution Path : Once extracted, the user is prompted to run the file. " "Action Required