MobileOrder

Malware updated 5 months ago (2024-05-05T12:17:37.201Z)
MobileOrder is a sophisticated piece of malware designed to exploit mobile devices. It registers itself as a device administrator, which prevents users from simply uninstalling it through the regular settings. MobileOrder communicates with its command and control (C2) server over TCP port 3728 and receives instructions referred to as "orders". These orders are executed via a robust set of commands, giving the Trojan a wide range of capabilities. Its functionality is similar to that of other malware variants, but our analysis indicates that MobileOrder possesses unique characteristics.

The infrastructure of MobileOrder's C2 servers overlaps significantly with that of other Trojans such as FakeM, Psylo, Elirks, and CallMe. This overlap, particularly evident in their domain names and/or IP resolution, suggests a shared origin or a common operator behind these Trojans. Furthermore, the connection between FakeM, Psylo, and MobileOrder points towards the activities of Scarlet Mimic, a known cyber espionage group. The group appears to be expanding its efforts from targeting PCs to infiltrating mobile devices, indicating a major shift in its tactics.

Unit 42 has been actively tracking this mobile Trojan due to its potential for widespread damage and data theft. The presence of MobileOrder marks an evolution in the landscape of cybersecurity threats, with more focus shifting towards mobile platforms. As mobile devices become increasingly integral in both personal and professional settings, it is crucial to develop effective countermeasures against advanced threats such as MobileOrder.
Description last updated: 2024-05-05T11:21:15.117Z
Aliases We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Source Document References
Information about the MobileOrder Malware was read from the documents corpus below.
Source: MITRE (created 2 years ago)