#Cybersecurity#vulnerability#malware#security#software
  • Home
  • Rogue Android Apps Target Pakistani Individuals

Rogue Android Apps Target Pakistani Individuals

Author : ArmCoding
20-06-2023
Share
Rogue Android Apps Target Pakistani Individuals

Individuals in the Pakistan region have been targeted using two rogue Android apps available on the Google Play Store as part of a new targeted campaign.

Cybersecurity firm Cyfirma attributed the campaign with moderate confidence to a threat actor known as DoNot Team, which is also tracked as APT-C-35 and Viceroy Tiger.

The espionage activity involves duping Android smartphone owners into downloading a program that’s used to extract contact and location data from unwitting victims.

“The motive behind the attack is to gather information via the stager payload and use the gathered information for the second-stage attack, using malware with more destructive features,” the company said.

While an October 2021 report from Amnesty International linked the group’s attack infrastructure to an Indian cybersecurity company called Innefu Labs, Group-IB, in February 2023, said it identified overlaps between DoNot Team and SideWinder, another suspected Indian hacking crew.

Attack chains mounted by the group leverage spear-phishing emails containing decoy documents and files as lures to spread malware. In addition, the threat actor is known to use malicious Android apps that masquerade as legitimate utilities in their target attacks.

The latest set of applications discovered by Cyfirma originate from a developer named “SecurITY Industry” and pass off as VPN and chat apps, with the latter still available for download from the Play Store –

  • iKHfaa VPN (com.securityapps.ikhfaavpn) – 10+ downloads
  • nSure Chat (com.nSureChat.application) – 100+ downloads

By utilizing the Google Play Store as a malware distribution vector, the approach abuses the implicit trust placed by users on the online app marketplace and lends it an air of legitimacy. It’s, therefore, essential that apps are carefully scrutinized prior to downloading them.

“It appears that this Android malware was specifically designed for information gathering,” Cyfirma said. “By gaining access to victims’ contact lists and locations, the threat actor can strategize future attacks and employ Android malware with advanced features to target and exploit the victims.”

 

 

Source: https://thehackernews.com/

 

#Cybersecurity#google#GooglePlay#malware#security#vulnerability
CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw
  • 31-05-2024
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities
  • 31-05-2024
BreachForums Returns Just Weeks After FBI Seizure – Honeypot or Blunder?
BreachForums Returns Just Weeks After FBI Seizure – Honeypot or Blunder?
  • 30-05-2024
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
  • 30-05-2024
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
WordPress Plugin Exploited to Steal Credit Card Data from E-commerce Sites
  • 29-05-2024
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
  • 29-05-2024
4th Zero-Day Exploit Discovered in May 2024
4th Zero-Day Exploit Discovered in May 2024
  • 27-05-2024
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
Beware: These Fake Antivirus Sites Spreading Android and Windows Malware
  • 27-05-2024
CISA Warns of Actively Exploited Apache Flink Security Vulnerability
CISA Warns of Actively Exploited Apache Flink Security Vulnerability
  • 24-05-2024