ESET Online Help


Android infostealer feed

The Android infostealer feed contains targeted information about current and prevalent Android infostealer samples and associated data. Infostealers often target banking information on Android devices; once installed, they can compromise the security and privacy of individuals and organizations, leading to identity theft, financial loss, and other severe consequences. The data that this feed provides helps you understand which Android infostealer families are being seen in the wild and enables you to proactively block them.

ESET ensures compatibility by using standards such as TAXII 2.1 and STIX 2.1, which make ESET threat intelligence data easily consumable by various TIP, XDR/EDR, SIEM, SOAR and firewall products. Each of these feeds is created in near real time, and deduplication happens every 24 hours.

The Android infostealer feed mainly uses the following STIX 2.1 SDO, SRO and SCO objects and related metadata:

Indicator

Malware

Observed Data

Relationship

Example data is directly available inside the ESET Threat Intelligence portal. To use the portal without a license, in Demo mode, follow the steps in the Get started guide to create an account. Additionally, see the Demo mode topic.

ESET STIX 2.1 SDO Names and Labels

Indicator

Name: "Malware variant"—file has shown malicious activity—High severity threat, High confidence

Label: "malicious-activity"

Malware

Name: name of the detection

Labels:

"trojan"

"worm"

"virus"

"dropper"

"adware"

"rogue security software"

"ransomware"

"keylogger"

"rootkit"

"ddos"

"bot"

"spyware"
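The following added example (not ESET's own code or data) shows how a consumer would process a STIX 2.1 bundle shaped like the one described above: it follows "indicates" Relationship objects from each Indicator labelled "malicious-activity" to the Malware object that carries the detection name and labels, pulls the file hash out of the Indicator's STIX pattern, and attaches the sighting count from Observed Data, producing a block list keyed by SHA-256. The bundle embedded in the script is constructed for this example; its object ids, the placeholder hash and the detection name "Android/Example.Stealer.A" are invented and do not come from the feed. Note that STIX 2.1 stores the labels named above in the indicator_types and malware_types properties; the older STIX 2.0 labels property is accepted as a fallback.

```python
import json
import re
from collections import defaultdict

# Constructed sample bundle: every id, the hash and the detection name below are
# placeholders invented for this example, not real ESET feed data.
IND_ID = "indicator--11111111-1111-4111-8111-111111111111"
MAL_ID = "malware--22222222-2222-4222-8222-222222222222"
FILE_ID = "file--33333333-3333-4333-8333-333333333333"
OBS_ID = "observed-data--44444444-4444-4444-8444-444444444444"
REL_ID = "relationship--55555555-5555-4555-8555-555555555555"
SAMPLE_SHA256 = "a" * 64  # placeholder hash, not a real sample
TS = "2024-01-01T00:00:00.000Z"

SAMPLE_BUNDLE = {
    "type": "bundle",
    "id": "bundle--66666666-6666-4666-8666-666666666666",
    "objects": [
        {"type": "indicator", "spec_version": "2.1", "id": IND_ID,
         "created": TS, "modified": TS,
         "name": "Malware variant",
         "indicator_types": ["malicious-activity"],
         "pattern_type": "stix",
         "pattern": f"[file:hashes.'SHA-256' = '{SAMPLE_SHA256}']",
         "valid_from": TS,
         "confidence": 85},
        {"type": "malware", "spec_version": "2.1", "id": MAL_ID,
         "created": TS, "modified": TS,
         "name": "Android/Example.Stealer.A",  # placeholder detection name
         "malware_types": ["trojan", "spyware"],
         "is_family": False},
        {"type": "relationship", "spec_version": "2.1", "id": REL_ID,
         "created": TS, "modified": TS,
         "relationship_type": "indicates",
         "source_ref": IND_ID, "target_ref": MAL_ID},
        {"type": "file", "spec_version": "2.1", "id": FILE_ID,
         "hashes": {"SHA-256": SAMPLE_SHA256}},
        {"type": "observed-data", "spec_version": "2.1", "id": OBS_ID,
         "created": TS, "modified": TS,
         "first_observed": TS, "last_observed": TS,
         "number_observed": 3, "object_refs": [FILE_ID]},
    ],
}

# Matches file:hashes.'SHA-256' = '<hex>' (and MD5/SHA-1 variants) in a STIX pattern.
HASH_RE = re.compile(
    r"file:hashes\.['\"]?([A-Za-z0-9-]+)['\"]?\s*=\s*'([0-9A-Fa-f]+)'")


def object_labels(obj):
    """Return the type labels of an Indicator or Malware object.
    STIX 2.1 uses indicator_types / malware_types; STIX 2.0 'labels' is a fallback."""
    return list(obj.get("indicator_types") or obj.get("malware_types")
                or obj.get("labels") or [])


def hashes_from_pattern(pattern):
    """Extract (algorithm, lowercase hash) pairs from a STIX file-hash pattern."""
    return [(alg.upper(), val.lower()) for alg, val in HASH_RE.findall(pattern)]


def build_blocklist(bundle):
    """Map each SHA-256 from a malicious-activity Indicator to the Malware it
    indicates (via 'indicates' SROs), plus confidence and Observed Data count."""
    objs = {o["id"]: o for o in bundle["objects"]}

    indicated = defaultdict(list)  # indicator id -> [malware ids]
    for o in bundle["objects"]:
        if o["type"] == "relationship" and o.get("relationship_type") == "indicates":
            indicated[o["source_ref"]].append(o["target_ref"])

    sightings = {}  # sha256 -> number_observed, from Observed Data -> File SCO
    for o in bundle["objects"]:
        if o["type"] == "observed-data":
            for ref in o.get("object_refs", []):
                sha = objs.get(ref, {}).get("hashes", {}).get("SHA-256")
                if sha:
                    sightings[sha.lower()] = o.get("number_observed", 0)

    blocklist = {}
    for o in bundle["objects"]:
        if o["type"] != "indicator" or "malicious-activity" not in object_labels(o):
            continue
        families = [objs[m] for m in indicated.get(o["id"], [])
                    if m in objs and objs[m]["type"] == "malware"]
        for alg, val in hashes_from_pattern(o.get("pattern", "")):
            if alg != "SHA-256":
                continue
            blocklist[val] = {
                "detection": [m["name"] for m in families],
                "labels": sorted({lab for m in families for lab in object_labels(m)}),
                "confidence": o.get("confidence"),
                "observed": sightings.get(val, 0),
            }
    return blocklist


if __name__ == "__main__":
    for sha, info in build_blocklist(SAMPLE_BUNDLE).items():
        print(sha, json.dumps(info))
```

In practice the bundle would be fetched from the TAXII 2.1 collection and the resulting dictionary pushed to the blocking control (EDR hash block list, firewall, SIEM watchlist); the Malware labels let the consumer route, for example, "spyware" and "trojan" detections to different playbooks, and the confidence and sighting count support a threshold before automatic blocking.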