Indian Hackers Target Pakistan With Malicious Android Apps Again

Malicious Android apps are targeting people in Pakistan in a new campaign to steal sensitive data and gain unauthorized access.

The news comes from cyber security firm Cyfirma, which revealed that two rogue Android apps from the Google Play Store are targeting Pakistani individuals. This is part of a targeted campaign from a hacker group called DoNot Team, also known as APT-C-35 and Viceroy Tiger.

This particular espionage activity involves tricking Android users into downloading a malicious program and using that to extract location information, contacts, and more.

Cyber security experts at Cyfirma said:

“The motive behind the attack is to gather information via the stager payload and use the gathered information for the second-stage attack, using malware with more destructive features.”

Once the malicious applications are installed, they engage in trojan-like activities in the background, granting remote control over the victim’s system and facilitating the theft of sensitive information from infected devices.

These apps falsely present themselves as VPN and chat applications, with the chat app still accessible for download from the Play Store. They come from a developer called “SecurITY Industry”.

  • iKHfaa VPN (com.securityapps.ikhfaavpn) – 10+ downloads
  • nSure Chat (com.nSureChat.application) – 100+ downloads

Although the VPN app, which repurposes source code from the authentic Liberty VPN product, is no longer available on the official app storefront, evidence suggests that it was accessible until as recently as June 12, 2023.

The low number of downloads for these applications suggests that they are being used as part of a highly specific operation, characteristic of nation-state actors. Both apps have been designed to deceive victims into granting extensive permissions, including access to their contact lists and precise locations.

Limited information is available about the victims targeted with these malicious apps, except that they are located in Pakistan. It is suspected that users may have been enticed to install these apps through messages on platforms like Telegram and WhatsApp.

By using the Google Play Store to distribute malware, this method takes advantage of the inherent trust users place in the online app marketplace, creating an illusion of legitimacy.

It goes without saying that it’s crucial to exercise caution and thoroughly examine apps before downloading them.


