The National Computer Emergency Response Team (CERT) has issued an advisory warning about a surge in hostile Advanced Persistent Threats (APTs) targeting Pakistani officials via compromised Android applications.
These applications, identified on the Google Play Store, aim to stealthily extract sensitive personal and financial data from users’ mobile devices upon installation.
Without user consent, these apps gather extensive information, including media files, contact lists, calendar events, and message logs. In a concerning development, some of these applications reportedly offer personally identifiable information (PII) of Pakistani citizens for sale, putting at risk the privacy and security of thousands.
CERT’s investigation reveals that these apps disguise themselves as legitimate tools to lure users into downloading them. Once installed, they exploit permissions to gain access to the phone’s data, often without the user realizing the extent of the access granted. This unauthorized data exfiltration could lead to identity theft and potential financial fraud, especially as some of these apps promote PII availability on demand.
CERT’s report emphasizes that the underlying danger lies in users unknowingly enabling these permissions, which allow malicious applications to siphon off private information.
According to the advisory, specific indicators of compromise (IOCs) were identified, listing several suspicious applications that users are urged to uninstall immediately. Apps such as “Initial Test Preparation,” “Intelligence MCQs Test,” “Pak eServices 2024,” and others developed by ITAppCoding are named in the advisory as having dangerous data practices.
These apps, which pose as standard tools like bill checkers or online shopping portals, reportedly gain access to users’ private data upon installation. CERT strongly recommends avoiding these applications and reviewing devices for any unfamiliar apps.
In terms of preventive measures, CERT advises users to carefully vet applications before installation. This includes checking the app developer’s credentials, reviewing permissions, and reading privacy policies to understand data collection practices.
Users are also encouraged to limit app permissions to necessary functions only and to enable Google Play Protect, which helps in detecting potentially harmful applications. Regularly monitoring app behavior for unusual data usage or requests for permissions can also help spot malicious apps before significant harm is done.
To mitigate the impact of this threat, CERT recommends immediate action for those who may have inadvertently downloaded suspicious apps. Users are advised to uninstall any flagged applications promptly and report them to CERT. Additional security measures such as regularly backing up data, using strong passwords, and enabling multifactor authentication are suggested to minimize damage in case of a breach.
CERT also urges individuals to avoid using personal devices in sensitive environments and to disable location services when not needed.
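The permission review recommended above can be done in bulk across a device. The following is an added example, not part of the CERT advisory or the original article: it reads package-manager output in the style of `adb shell dumpsys package` and flags apps that have been granted access to several of the data categories the advisory names (media, contacts, calendar, messages). The package names, the simplified dump excerpt and the threshold of three categories are assumptions made for illustration.

```python
import re

# Permissions covering the data categories named in the advisory:
# media files, contact lists, calendar events and message logs.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALENDAR": "calendar",
    "android.permission.READ_SMS": "messages",
    "android.permission.READ_EXTERNAL_STORAGE": "media",
    "android.permission.READ_MEDIA_IMAGES": "media",
}

# Constructed, simplified excerpt in the style of `adb shell dumpsys package`.
# Package names are hypothetical and do not come from the advisory.
SAMPLE_DUMP = """\
Package [com.example.billchecker] (1a2b3c):
    runtime permissions:
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CALENDAR: granted=true
      android.permission.READ_EXTERNAL_STORAGE: granted=true
Package [com.example.notes] (4d5e6f):
    runtime permissions:
      android.permission.READ_EXTERNAL_STORAGE: granted=true
      android.permission.READ_CONTACTS: granted=false, flags=[ USER_FIXED ]
"""

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def granted_categories(dump):
    """Map package name -> set of sensitive data categories it has been granted."""
    result, current = {}, None
    for line in dump.splitlines():
        m = PKG_RE.match(line)
        if m:  # start of a new package block
            current = m.group(1)
            result[current] = set()
            continue
        m = PERM_RE.match(line)
        if m and current and m.group(2) == "true" and m.group(1) in SENSITIVE:
            result[current].add(SENSITIVE[m.group(1)])
    return result

def flag_overbroad(dump, threshold=3):
    """Packages granted at least `threshold` sensitive categories (assumed cutoff)."""
    return sorted(p for p, cats in granted_categories(dump).items()
                  if len(cats) >= threshold)

if __name__ == "__main__":
    for pkg in flag_overbroad(SAMPLE_DUMP):
        print(pkg, sorted(granted_categories(SAMPLE_DUMP)[pkg]))
```

A flagged package is a candidate for manual review, not proof of malicious behaviour; a bill checker or quiz app holding contacts, SMS and calendar access together is the kind of mismatch the advisory asks users to look for.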
