NTISB Issues Alert Against Hacking Group Targeting Android Users

The National Telecommunication and Information Security Board (NTISB) has warned that Konfety Group targets Android users with evil twin malicious Play Store Apps.

The Board issued an advisory stating that the Google Play Store identified and thwarted an active malicious campaign targeting Android users globally. The campaign, collectively named Konfety Apps, used 250+ decoy and evil twin Android applications.

The malicious activity is allegedly conducted by the Russian Konfety cybercrime group, which is motivated primarily by monetary gain through advertisement fraud.

The advisory further noted that the attackers use advertising campaigns to promote modified APKs and redirect users to download malicious apps. Konfety malware involves a dropper APK that loads an obfuscated stager and a back-doored SDK, making it highly evasive and hence difficult to detect. The decoy twin apps used by the attackers appear harmless, while the evil twins mimic them to commit ad fraud, install payloads, inject second-stage malware code, etc.

The Board noted that although Google has removed the Konfety apps from its Play Store, if any of the attached malicious Konfety apps are found installed on smartphones, the following remedial measures may be opted for:

  1. Immediately uninstall the specific Konfety app.
  2. Perform a factory reset.
  3. Take a backup of personal media files (excluding device/system apps).
  4. Restrict unnecessary app permissions and set them to "while using the app" only.
  5. Download and install software only from official app stores like the Play Store or the iOS App Store.
  6. Keep your smartphone, OS, and apps updated.
  7. Regularly check the smart devices/Wi-Fi data usage of apps installed on smart devices.
  8. Use a reputed anti-virus and internet security software package on your smart devices.

The Board issued another advisory which stated that Google has released Chrome browser version 126 with security updates to address 10 vulnerabilities.

The majority of the vulnerabilities are high-severity memory issues potentially leading to sandbox escapes and remote code execution. Fixes cover flaws in V8's implementation, type confusion, and use-after-free bugs in Screen Capture, Media Stream, Audio, and Navigation. Google also addressed race conditions in DevTools and an out-of-bounds memory access in V8. No exploits in the wild are reported, but users are urged to update promptly.

To safeguard against Chrome vulnerabilities, users are advised to ensure that the Google Chrome browser is updated to the following versions (by navigating to Settings>About Chrome and Relaunching the browser):

  1. Version 126.0.6478.182 or later on Windows/Linux
  2. Version 126.0.6478.183 or later on macOS
  3. Version 126.0.6478.186 or later on Android.
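
For administrators checking more than one device, the following added example (not part of the advisory or the original article) compares reported Chrome versions against the per-platform minimums listed above. The inventory format, hostnames and sample builds are constructed assumptions; versions are compared numerically because a plain string comparison would wrongly rank build `.99` above `.182`.

```python
import re

# Minimum fixed builds per platform, taken from the advisory text above.
MIN_FIXED = {
    "windows": (126, 0, 6478, 182),
    "linux": (126, 0, 6478, 182),
    "macos": (126, 0, 6478, 183),
    "android": (126, 0, 6478, 186),
}
VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")


def parse_version(text):
    """Pull a four-part version out of free text (e.g. the output of
    `google-chrome --version`); return None when none is present."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_patched(platform, version_text):
    """True = at or above the fixed build, False = below it,
    None = platform or version could not be determined."""
    minimum = MIN_FIXED.get(platform.strip().lower())
    version = parse_version(version_text)
    if minimum is None or version is None:
        return None
    return version >= minimum  # tuple comparison is numeric, field by field


def audit(inventory):
    """inventory: iterable of (host, platform, version_text).
    Returns (host, state) for every host that is outdated or unknown."""
    findings = []
    for host, platform, version_text in inventory:
        status = is_patched(platform, version_text)
        if status is not True:
            findings.append((host, "outdated" if status is False else "unknown"))
    return findings


# Constructed sample inventory; hostnames and builds are illustrative only.
SAMPLE = [
    ("ws-01", "Windows", "Google Chrome 126.0.6478.182"),
    ("ws-02", "Linux", "Google Chrome 126.0.6478.99 "),
    ("mac-01", "macOS", "Google Chrome 126.0.6478.182"),  # one build short on macOS
    ("ph-01", "Android", "127.0.0.0"),
    ("ws-03", "Windows", "version unavailable"),
]

if __name__ == "__main__":
    for host, state in audit(SAMPLE):
        print(f"{host}: {state}")
```

Hosts reported as "unknown" should be checked by hand rather than assumed patched.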
