A sophisticated malware campaign dubbed “DocSwap” has emerged targeting Android users globally by disguising itself as a legitimate document security and viewing application.

The malware leverages social engineering tactics to trick users into installing what appears to be a productivity tool while covertly establishing persistence on victims’ devices and exfiltrating sensitive information. Initial infection typically occurs through phishing emails or compromised websites promoting the fake document viewer as a solution for securely opening PDF and Office files.

When the application is opened, it does provide working document viewing functionality while simultaneously executing its payload in the background, making detection particularly challenging for average users.

S2W Security analysts noted that once installed, the malware establishes a connection to command-and-control servers using an encrypted protocol to bypass standard detection methods. Analysis of the network traffic shows that DocSwap communicates with servers primarily located in Eastern Europe and Southeast Asia, using a custom protocol that mimics legitimate HTTPS traffic. This technique helps evade sandbox analysis and dynamic scanning tools commonly used by security researchers.

Security experts recommend immediate removal of any suspicious document viewing applications and running full device scans with reputable antivirus software.
This Cyber News was published on cybersecuritynews.com. Publication date: Tue, 18 Mar 2025 14:55:16 +0000