Serbian journalists are facing sophisticated cyber threats, including surveillance via Pegasus spyware and attacks leveraging the Crocodilus Trojan to exploit mobile banking applications. These incidents highlight growing concerns over digital privacy and cybersecurity in the region.
You Should Know:
1. Pegasus Spyware Detection and Mitigation
Pegasus, developed by NSO Group, is a notorious spyware that infiltrates devices via zero-click exploits. To detect and prevent Pegasus infections:
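- Check for Indicators of Compromise (IOCs):
sudo grep -r "NSO" /var/log/
- Monitor unusual processes:
ps aux | grep -i "suspect_process"
Both commands inspect the Linux host they are run on, not a phone. The literal string "NSO" is not a published Pegasus indicator, and "suspect_process" is a placeholder for a process name taken from a published IOC list. Phone checks are done by matching device backups and logs against published IOCs, as MVT does.
- Disable iMessage and FaceTime (for iOS):
Pegasus often exploits these services. Disabling them reduces the attack surface.
- Use Mobile Verification Tools:
Tools like Amnesty International’s MVT (Mobile Verification Toolkit) can scan for Pegasus traces. Installing from the cloned source tree pulls in the dependencies together with the MVT command-line tools:
git clone https://github.com/mvt-project/mvt
cd mvt
python3 -m pip install .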
2. Crocodilus Trojan Analysis & Defense
Crocodilus is a banking Trojan targeting Android users. Protect yourself with these steps:
- Check for Fake Banking Apps:
adb shell pm list packages | grep -i "bank"
- Uninstall suspicious apps:
adb uninstall <malicious_package_name>
- Enable USB Debugging Only When Needed (this command turns it off, which also ends the current adb session):
adb shell settings put global adb_enabled 0
- Monitor Network Traffic for Exfiltration (run on the device; requires root and a tcpdump binary installed on it):
tcpdump -i any -s 0 -w /sdcard/traffic.pcap
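The package check above matches on the name only, so it lists the genuine banking app alongside any impostor. The following added example (not part of the original post) also reads the installer that `pm list packages -3 -i` reports for each third-party package and flags finance-looking packages that did not come from a trusted store. The keyword list, the trusted-installer list and the sample package names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Real use:  adb shell pm list packages -3 -i | flag_sideloaded_bank_apps
#   -3 = third-party packages only, -i = include the installer package

# Assumption: only Google Play counts as trusted (comma-separated list).
TRUSTED_INSTALLERS="${TRUSTED_INSTALLERS:-com.android.vending}"
# Assumption: illustrative keywords; extend with local bank names.
KEYWORDS="${KEYWORDS:-bank|wallet|pay}"

# Reads "package:<name>  installer=<pkg>" lines on stdin and prints
# "<name><TAB><installer>" for keyword matches from untrusted installers.
flag_sideloaded_bank_apps() {
    tr -d '\r' | awk -v trusted="$TRUSTED_INSTALLERS" -v kw="$KEYWORDS" '
        BEGIN { n = split(trusted, t, ","); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
        /^package:/ {
            pkg = $1; sub(/^package:/, "", pkg)
            inst = "unknown"                 # field missing on this line
            for (i = 2; i <= NF; i++)
                if ($i ~ /^installer=/) { inst = $i; sub(/^installer=/, "", inst) }
            if (tolower(pkg) ~ kw && !(inst in ok))
                print pkg "\t" inst
        }'
}

# Constructed sample output (hypothetical package names) for offline runs.
sample_pm_output() {
    cat <<'EOF'
package:com.examplebank.mobile  installer=com.android.vending
package:com.examplebank.secure.update  installer=null
package:org.example.notes  installer=null
package:net.example.wallet  installer=com.google.android.packageinstaller
package:com.example.chat  installer=com.android.vending
EOF
}

# Demonstration on the constructed sample; flags the second and fourth lines.
sample_pm_output | flag_sideloaded_bank_apps
```

The result is a triage list, not a verdict: a flagged package still needs its APK and permissions reviewed, and a Play Store installer value does not prove an app is legitimate.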
3. General Privacy Hardening
- Use Encrypted Messaging: Signal or Session for secure communication.
- Disable Unnecessary Permissions:
adb shell pm revoke <package_name> android.permission.READ_SMS
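- Update Devices Regularly: install OS and app updates through the device's system settings and app store (the pm tool has no "update" subcommand). To check the installed Android security patch level:
adb shell getprop ro.build.version.security_patch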
What Undercode Say
The attacks on Serbian journalists underscore the increasing weaponization of spyware and Trojans against high-risk targets. Pegasus remains a formidable threat due to its stealth, while banking Trojans like Crocodilus exploit financial apps for fraud.
Key Takeaways:
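- Linux/Mobile Forensic Commands (an APK is a ZIP archive, so extract the compressed DEX code before searching it for URLs):
unzip -p /path/to/suspicious_apk 'classes*.dex' | strings | grep -i "http"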
- Windows Defender Scan for Spyware:
Start-MpScan -ScanType FullScan
- Network Isolation for Compromised Devices:
iptables -A INPUT -s <malicious_IP> -j DROP
Stay vigilant, enforce strict app permissions, and use forensic tools to analyze breaches.
References:
Reported By: Hendryadrian Serbia – Hackers Feeds