: The archive typically contains an executable ( .exe ), a script ( .js , .vbs ), or an Android application package ( .apk ). In recent campaigns, similar naming conventions have been linked to SpyLoan or SMS Stealer malware families. Execution Path : Once extracted, the user is prompted to run the file.
: Deploys overlay screens over legitimate banking or social media apps to steal login details. Indicators of Compromise (IOCs) Filename : sc23901-SMS.rar sc23901-SMS.rar
: If the file was executed, assume credentials may be compromised. Reset passwords for sensitive accounts, especially banking and email, from a different, clean device . : The archive typically contains an executable (
Based on current threat intelligence and file databases, is identified as a malicious archive often used in phishing or smishing (SMS phishing) campaigns to deliver malware, likely targeting mobile devices or used as a stage for credential theft. File Overview Filename: sc23901-SMS.rar Type: Compressed RAR Archive : Deploys overlay screens over legitimate banking or