{"id":44981,"date":"2022-01-25T00:00:00","date_gmt":"2022-01-25T00:00:00","guid":{"rendered":"urn:uuid:7120b6d2-9b7d-4043-3d1a-49cb022fd25c"},"modified":"2022-01-25T00:00:00","modified_gmt":"2022-01-25T00:00:00","slug":"tianyspy-malware-uses-smishing-disguised-as-message-from-telco","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/","title":{"rendered":"TianySpy Malware Uses Smishing Disguised as Message From Telco"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/tianypsy-main.jpg\"><!-- OneTrust Cookies Consent Notice start for trendmicro.com --><!-- OneTrust Cookies Consent Notice end for trendmicro.com --> <!-- Begin mPulse library --> <!-- END mPulse library --> <head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width\"> <meta name=\"description\"> <meta name=\"robots\" content=\"index,follow\"> <meta name=\"keywords\" content=\"malware,research,mobile,articles, news, reports\"> <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge,chrome=1\"> <meta name=\"template\" content=\"article1withouthero\"> <meta property=\"article:published_time\" content=\"2022-01-25\"> <meta property=\"article:tag\" content=\"mobile\"> <meta property=\"article:section\" content=\"research\"> <link rel=\"icon\" type=\"image\/ico\" href=\"\/content\/dam\/trendmicro\/favicon.ico\"> <link rel=\"canonical\" href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html\"> <title>TianySpy Malware Uses Smishing Disguised as Message From Telco<\/title> <link href=\"https:\/\/fonts.googleapis.com\/css?family=Open+Sans:300,300i,400,400i,600\" rel=\"stylesheet\">\n<link href=\"\/\/customer.cludo.com\/css\/296\/1798\/cludo-search.min.css\" type=\"text\/css\" rel=\"stylesheet\"> <link rel=\"stylesheet\" href=\"\/etc.clientlibs\/trendresearch\/clientlibs\/clientlib-trendresearch.min.css\" type=\"text\/css\"> <meta property=\"og:url\" content=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html\"><br \/>\n<meta property=\"og:title\" content=\"TianySpy Malware Uses Smishing Disguised as Message From Telco\"><br \/>\n<meta property=\"og:site_name\" content=\"Trend Micro\"><br \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/tianypsy-main.jpg\"><br \/>\n<meta property=\"og:locale\" content=\"en_US\"> <meta name=\"twitter:card\" content=\"summary_large_image\"><br \/>\n<meta name=\"twitter:site\" content=\"@TrendMicro\"><br \/>\n<meta name=\"twitter:title\" content=\"TianySpy Malware Uses Smishing Disguised as Message From Telco\"><br \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/tianypsy-main.jpg\"> <\/head> <body class=\"articlepage page basicpage context-business\" id=\"readabilityBody\" readability=\"50.764286522576\"> <!-- Page Scroll: Back to Top --> <a id=\"page-scroll\" title=\"VerticalPageScroll\" href=\"javascript:jumpScroll($(this).scrollTop());\"> <span class=\"icon-chevron-up\"><\/span> <\/a> <!-- \/* Data Layer *\/ --> <\/p>\n<div class=\"root responsivegrid\">\n<div class=\"aem-Grid aem-Grid--12 aem-Grid--default--12 \">\n<div class=\"articleBodyNoHero aem-GridColumn aem-GridColumn--default--12\">\n<div class=\"research-layout article container\" role=\"contentinfo\">\n<article class=\"research-layout--wrapper row\" data-article-pageid=\"563558908\">\n<div class=\"col-xs-12 col-md-12 one-column\">\n<div class=\"col-xs-12 col-md-12\" readability=\"8.3038461538462\">\n<div class=\"article-details\" role=\"heading\" readability=\"36.146153846154\"> <span class=\"article-details__bar\" role=\"img\"><\/span> <\/p>\n<p class=\"article-details__display-tag\">Mobile<\/p>\n<p class=\"article-details__description\">Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The malware might have been designed to steal credentials associated with membership websites of major Japanese telecommunication services. <\/p>\n<p class=\"article-details__author-by\">By: Trend Micro <time class=\"article-details__date\">January 25, 2022<\/time> <span>Read time:&nbsp;<\/span><span class=\"eta\"><\/span> (<span class=\"words\"><\/span> words) <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<hr class=\"research-layout-divider\"> <main class=\"main--content col-xs-12 col-md-8 col-md-push-2\"> <\/p>\n<div class=\"richText\" readability=\"33.880471380471\">\n<div readability=\"18.069584736251\">\n<p><i>This blog was first published here: <\/i><a href=\"https:\/\/blog.trendmicro.co.jp\/archives\/29322\" target=\"_blank\" rel=\"noopener\">https:\/\/blog.trendmicro.co.jp\/archives\/29322<\/a><\/p>\n<p>It has been some time since SMS or text messaging has become a means to spread mobile malware. In September 2021, Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The chain is triggered by a smishing message that appears to be sent from a telecommunications company. It is surmised that the malware might have been designed to steal credentials associated with membership websites of major Japanese telecommunication services.<\/p>\n<p>This is the first case confirmed by Trend Micro wherein an iPhone device was the target of a malware infection triggered by smishing, as Android devices have always been the main target in all other cases. This is a noteworthy cyberthreat, considering that the <a href=\"https:\/\/www.jc3.or.jp\/\" target=\"_blank\" rel=\"noopener\">Japan Cybercrime Control Center (JC3)<\/a> also published a similar <a href=\"https:\/\/www.jc3.or.jp\/threats\/examples\/article-409.html\" target=\"_blank\" rel=\"noopener\">alert<\/a>.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig1-tianyspy.png\" alt=\"Examples of smishing message confirmed to be part of a TianySpy campaign\"><figcaption>Figure 1. Examples of smishing message confirmed to be part of a TianySpy campaign<\/figcaption><\/figure>\n<\/p><\/div>\n<div>\n<div class=\"richText\" readability=\"39\">\n<div readability=\"23\">\n<p><span class=\"body-subhead-title\">Infection chain<\/span><\/p>\n<p>This campaign was confirmed as active between September 30 and October 12, 2021. The smishing message, which was disguised as coming from a telecommunications company, contains a link to a malicious website. In turn, the website contains instructions to install what appears to be security software but is actually malware. Trend Micro confirmed two patterns of the message spread in this campaign:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">In the first pattern, the SMS is sent from a malicious SMS delivery service:<br \/>\u3010\u25cf\u25cf\u25cf\u3011\u304a\u5ba2\u69d8\u304c\u3054\u5229\u7528\u306e\u25cf\u30a2\u30ab\u30a6\u30f3\u30c8\u304c\u4e0d\u6b63\u5229\u7528\u306e\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u3054\u78ba\u8a8d\u304c\u5fc5\u8981\u3067\u3059\u3002<\/span>\n<ul>\n<li><span class=\"rte-red-bullet\">(In English, this reads as follows: \u201cUnauthorized access to your account detected. Please confirm.\u201d)<\/span><\/li>\n<\/ul>\n<\/li>\n<li><span class=\"rte-red-bullet\">In the second pattern, the SMS is potentially sent from devices infected by \u201cAndroidOS_KeepSpy.GCL,\u201d an Android malware:<br \/>\u25cf\u25cf\u25cf\u304a\u5ba2\u69d8\u30bb\u30f3\u30bf\u30fc\u3067\u3059\u3002\u3054\u5229\u7528\u6599\u91d1\u306e\u304a\u652f\u6255\u3044\u78ba\u8a8d\u304c\u53d6\u308c\u3066\u304a\u308a\u307e\u305b\u3093\u3002\u3054\u78ba\u8a8d\u304c\u5fc5\u8981\u3067\u3059\u3002<\/span>\n<ul>\n<li><span class=\"rte-red-bullet\">(In English, this reads as follows: \u201cYour payment could not be confirmed. Please confirm.\u201d)<\/span><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>In the first pattern, TianySpy was confirmed to be infected in cases where users accessed the malicious link from both Android and iPhone devices. In the second pattern, users of Android devices were lured into accessing the malicious link, resulting in their devices being infected with KeepSpy. In the same pattern, users of iPhones who accessed the malicious link were infected with the version of TianySpy for their device.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig2-tianyspy.png\" alt=\"Malicious site accessed from an Android device\"><figcaption>Figure 2. Malicious site accessed from an Android device<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig3-tianyspy.png\" alt=\"Malicious site accessed from an iPhone device\"><figcaption>Figure 3. Malicious site accessed from an iPhone device<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37.5\">\n<div readability=\"20\">\n<p>The configuration profile in an iPhone is a function that can be used to define configuration for various functions of the device, including the Wi-Fi setting. In this campaign, users were lured into downloading and installing a malicious configuration profile upon accessing a link in a smishing message sent to their iPhone. Research from Trend Micro has confirmed that device information, such as the Unique Device Identifier (UDID), is sent to the attacker\u2019s site when the malicious configuration profile is installed.<\/p>\n<p>The sent UDID is then used in a provisioning profile, which has TianySpy built in. This enables TianySpy to infect an iPhone through Ad Hoc distribution, which is usually used to deploy an application in its development stage.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig4-tianyspy.png\" alt=\"Example of a malicious configuration profile\"><figcaption>Figure 4. Example of a malicious configuration profile<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig5-tianyspy.png\" alt=\"Example of data transmitted upon installation of configuration profile\"><figcaption>Figure 5. Example of data transmitted upon installation of configuration profile<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig6-tianyspy.png\" alt=\"Example of malicious application (.ipa) and provisioning profile\"><figcaption>Figure 6. Example of malicious application (.ipa) and provisioning profile<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig7-tianyspy.png\" alt=\"Contents of embedded mobile provision\"><figcaption>Figure 7. Contents of embedded mobile provision (UUID stolen from iPhone can be seen as installable device)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"36.5\">\n<div readability=\"18\">\n<p><span class=\"body-subhead-title\">Malware analysis<\/span><\/p>\n<p>From the results of our analysis of TianySpy (Android version), we determined that the malware has the following functions:<\/p>\n<ul>\n<li><span class=\"rte-red-bullet\">Reading Wi-Fi settings<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Falsifying a legitimate telecommunication company\u2019s site, specifically its usage statement via WebView (via Application Web display system for Android)<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Information stealing through a malicious JavaScript<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Sending stolen data by mail<\/span><\/li>\n<li><span class=\"rte-red-bullet\">Displaying a malicious or fake site<\/span><\/li>\n<\/ul>\n<p>TianySpy first checks Wi-Fi settings and then displays an alert message inducing the user to turn off the Wi-Fi, if enabled. If the Wi-Fi is disabled, an authentication page (authentication is required prior to displaying the usage statement page) is shown and credential information and authorized cookies are sent to the attacker\u2019s email address. During this process, the Wi-Fi is likely disabled, as the attacker wants to collect credentials over a carrier network.&nbsp;<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig8-tianyspy.png\" alt=\"Decompiled codes from TianySpy Android version and an alert message\"><figcaption>Figure 8. Decompiled codes from TianySpy Android version (left) and an alert message shown when Wi-Fi is enabled (right)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig9-tianyspy.png\" alt=\"Decompiled codes from TianySpy Android version\"><figcaption>Figure 9. Decompiled codes from TianySpy Android version (encrypted attacker\u2019s email address)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig10-tianyspy.png\" alt=\"Decrypted attacker\u2019s email address\"><figcaption>Figure 10. Decrypted attacker\u2019s email address<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"33.5\">\n<div readability=\"12\">\n<p>Stop.html, which is enclosed in TianySpy, is displayed upon accessing a legitimate usage statement page. Stop.html contains contents that make it seem that the site is under maintenance or security enhancement. We believe that the reason behind this is that the attacker wishes to hide the usage statement page.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig11-tianyspy.png\" alt=\"Stop.html enclosed in the resource of TianySpy Android version\"><figcaption>Figure 11. Stop.html enclosed in the resource of TianySpy Android version<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig12-tianyspy.png\" alt=\"Contents of stop.html\"><figcaption>Figure 12. Contents of stop.html<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"34.5\">\n<div readability=\"14\">\n<p>The iPhone version of TianySpy shows many similarities with its Android version, such as holding encrypted strings that contain the URL of the website\u2019s usage statement, the attacker\u2019s email address, and stop.html. Hence, the iPhone version of TianySpy is highly likely to steal credentials and send them to the attacker.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig13-tianyspy.png\" alt=\"String values included in the iPhone version of TianySpy\"><figcaption>Figure 13. String values included in the iPhone version of TianySpy<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig14-tianyspy.png\" alt=\"String values included in the iPhone version of TianySpy\"><figcaption>Figure 14. String values included in the iPhone version of TianySpy (encrypted email address)<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig15-tianyspy.png\" alt=\"Decrypted email address; the same email address is seen in the Android version of TianySpy\"><figcaption>Figure 15. Decrypted email address; the same email address is seen in the Android version of TianySpy<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"37.134593993326\">\n<div readability=\"21.899888765295\">\n<p><span class=\"body-subhead-title\">Relation with phishing group targeting local banks in Japan<\/span><\/p>\n<p><a href=\"https:\/\/www.trendmicro.com\/ja_jp\/about\/security-activity.html\" target=\"_blank\" rel=\"noopener\">The Cyber Security Institute<\/a> at Trend Micro collaborated with JC3 and its members to research and analyze a phishing group targeting domestic banks in Japan. The <a href=\"https:\/\/www.jc3.or.jp\/threats\/topics\/article-347.html\" target=\"_blank\" rel=\"noopener\">results<\/a> of this collaboration were reported in April 2021. Trend Micro also <a href=\"https:\/\/blog.trendmicro.co.jp\/archives\/27635\" target=\"_blank\" rel=\"noopener\">reported <\/a>notable characteristics of BP1 and BP6, the two largest banking phishing groups identified in the project.<\/p>\n<p>As mentioned earlier, some text messages seen in this campaign contained links to lure users into installing security software. In reality, however, users would end up unknowingly infecting their device with the Android malware KeepSpy. It has also been confirmed that when accessed via an iPhone outside of the observed campaign period (September 30 to October 12, 2021), these phishing sites appear as websites for a telecommunication company and are categorized under the BP1 group.<\/p>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig16-tianyspy.png\" alt=\"HTML source of a phishing site disguised as the website of a telecommunication company\"><figcaption>Figure 16. HTML source of a phishing site disguised as the website of a telecommunication company<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"image\">\n<figure class=\"image-figure\"> <img decoding=\"async\" src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/fig17-tianyspy.png\" alt=\"HTML source of a phishing site disguised as the website of a telecommunication company\"><figcaption>Figure 17. HTML source of a phishing site disguised as the website of a telecommunication company<\/figcaption><\/figure>\n<\/p><\/div>\n<div class=\"richText\" readability=\"38.704888569375\">\n<div class=\"responsive-table-wrap\" readability=\"23.516894320633\">\n<p><span class=\"body-subhead-title\">How to protect yourself from phishing<\/span><\/p>\n<p>This is the first case in Japan where a type of malware that targets iPhones resulted in financial damage.<\/p>\n<p>This campaign shows that iPhones can indeed be infected by malware once a malicious configuration profile is installed. This case also confirmed that simply accessing a malicious website would not inevitably infect a device with malware. Rather, a user has to complete the process of installing the malware for infection to take place. This means that with enough knowledge and caution, a user can protect their device from infection.<\/p>\n<p>We also believe that smishing continues to be part of this loop of attack chains targeting smartphones. In the meantime, JC3 continues to publish <a href=\"https:\/\/www.jc3.or.jp\/threats\/examples\/article-409.html\" target=\"_blank\" rel=\"noopener\">alert notifications<\/a> with regard to the same campaign detailed in this blog for additional reference.<\/p>\n<p>More details on smishing and how to protect yourself from such threats can be found in <a href=\"https:\/\/www.is702.jp\/special\/3902\" target=\"_blank\" rel=\"noopener\">this blog<\/a>.<\/p>\n<p><span class=\"body-subhead-title\">Indicators of compromise<\/span><\/p>\n<table cellpadding=\"1\" cellspacing=\"0\" border=\"1\" width=\"100%\">\n<tbody readability=\"6\">\n<tr>\n<td>SHA256<\/td>\n<td>Trend Micro Detection<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>b42bdfceb8e7733db22645fee95482dccf5260dcd3ff15ede0de77d2120c3845<\/td>\n<td rowspan=\"6\">AndroidOS_TianySpy.GCL<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>a16878598e0ce5924fa45c09319b48e566f4d935626042ba378f4f1f7b9ad798<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>5d27cc2e0a8ab987341e8995bf50cc763160cce4191df9a94c4b39b570c0d6a5<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>73c19a778500c6fb04f60d60527ea76a870590ed9e0f6014cb03419d02ff0457<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>ada8dfe4914f824e5a4a03aec8f135a4544cc0086830f23285dc67d42ec1f29c<\/td>\n<\/tr>\n<tr readability=\"2\">\n<td>839246c1b13d2d9c87907bdd4069ce0aad02e5660cb10fad4a85805e4b81dcea<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<section class=\"tag--list\">\n<p>Tags<\/p>\n<\/section>\n<p> <\/main> <\/article>\n<\/div>\n<\/div><\/div>\n<\/div>\n<p> <!-- \/* Core functionality javascripts, absolute URL to leverage Akamai CDN *\/ --> <!--For Modal-start--> <\/p>\n<p> <span>sXpIBdPeKzI9PC2p0SWMpUSM2NSxWzPyXTMLlbXmYa0R20xk<\/span> <\/p>\n<p> <!--For Modal-end--> <!-- Go to www.addthis.com\/dashboard to customize your tools --> <\/body> Read More <a href=\"https:\/\/www.trendmicro.com\/en_us\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Trend Micro confirmed a new mobile malware infection chain targeting both Android and iPhone devices. The malware might have been designed to steal credentials associated with membership websites of major Japanese telecommunication services. Read More HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":44982,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[61],"tags":[9510,9513,9581,9509],"class_list":["post-44981","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-trendmicro","tag-trend-micro-research-articles-news-reports","tag-trend-micro-research-malware","tag-trend-micro-research-mobile","tag-trend-micro-research-research"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.7 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>TianySpy Malware Uses Smishing Disguised as Message From Telco 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"TianySpy Malware Uses Smishing Disguised as Message From Telco 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-25T00:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/tianypsy-main.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"TianySpy Malware Uses Smishing Disguised as Message From Telco\",\"datePublished\":\"2022-01-25T00:00:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\\\/\"},\"wordCount\":1340,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.png\",\"keywords\":[\"Trend Micro Research : Articles, News, Reports\",\"Trend Micro Research : Malware\",\"Trend Micro Research : Mobile\",\"Trend Micro Research : Research\"],\"articleSection\":[\"TrendMicro\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\\\/\",\"name\":\"TianySpy Malware Uses Smishing Disguised as Message From Telco 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.png\",\"datePublished\":\"2022-01-25T00:00:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.png\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.png\",\"width\":578,\"height\":113},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Trend Micro Research : Articles, News, Reports\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/trend-micro-research-articles-news-reports\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"TianySpy Malware Uses Smishing Disguised as Message From Telco\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"TianySpy Malware Uses Smishing Disguised as Message From Telco 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/","og_locale":"en_US","og_type":"article","og_title":"TianySpy Malware Uses Smishing Disguised as Message From Telco 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-01-25T00:00:00+00:00","og_image":[{"url":"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/research\/22\/a\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/tianypsy-main.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"TianySpy Malware Uses Smishing Disguised as Message From Telco","datePublished":"2022-01-25T00:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/"},"wordCount":1340,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.png","keywords":["Trend Micro Research : Articles, News, Reports","Trend Micro Research : Malware","Trend Micro Research : Mobile","Trend Micro Research : Research"],"articleSection":["TrendMicro"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/","url":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/","name":"TianySpy Malware Uses Smishing Disguised as Message From Telco 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.png","datePublished":"2022-01-25T00:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.png","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/01\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco.png","width":578,"height":113},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/tianyspy-malware-uses-smishing-disguised-as-message-from-telco\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Trend Micro Research : Articles, News, Reports","item":"https:\/\/www.threatshub.org\/blog\/tag\/trend-micro-research-articles-news-reports\/"},{"@type":"ListItem","position":3,"name":"TianySpy Malware Uses Smishing Disguised as Message From Telco"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44981","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44981"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44981\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/44982"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44981"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44981"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44981"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}