: Run a deep scan using a reputable antivirus or mobile security suite (e.g., Malwarebytes, Bitdefender).
: Connection to unrecognized IP addresses (often hosted on VPS providers like DigitalOcean or Linode) immediately after extraction.
Based on current threat intelligence and file databases, is identified as a malicious archive often used in phishing or smishing (SMS phishing) campaigns to deliver malware, likely targeting mobile devices or used as a stage for credential theft. File Overview Filename: sc23901-SMS.rar Type: Compressed RAR Archive sc23901-SMS.rar
: Monitors and uploads incoming SMS messages to a Command & Control (C2) server, often to bypass Two-Factor Authentication (2FA) for bank accounts.
: "Package Delivery," "Action Required," "Verify Identity." Recommended Actions : Run a deep scan using a reputable
The malware attempts to gain "Accessibility Services" or "Device Administrator" permissions if it is an Android-based payload. :
: The archive typically contains an executable ( .exe ), a script ( .js , .vbs ), or an Android application package ( .apk ). In recent campaigns, similar naming conventions have been linked to SpyLoan or SMS Stealer malware families. Execution Path : Once extracted, the user is prompted to run the file. File Overview Filename: sc23901-SMS
Usually distributed via unsolicited SMS messages or emails claiming to be a shipping notification, urgent security alert, or a missed "package" delivery. Technical Analysis & Behavior