
Spy campaign downloads VPN spyware on Android devices via social media

A new spying campaign, dubbed SandStrike, has been exposed using malicious VPN applications to download spyware onto Android devices, cybersecurity company Kaspersky reports. It is an example of how APT (advanced persistent threat) actors are constantly updating old attack tools and creating new ones to launch fresh malicious campaigns, especially against mobile devices.

“In their attacks, they use cunning and unexpected tactics: SandStrike, attacking users via a VPN service, in which victims have tried to find protection and security, is an excellent example,” Victor Chebyshev, principal security researcher at Kaspersky's Global Research & Analysis Team (GReAT), said in a blog post.

APT uses social media accounts to attract victims

In the SandStrike campaign, the APT created Facebook and Instagram accounts with over 1,000 followers to attract its victims. The campaign targets a religious minority, the Baha’i, whose faith is followed in Iran and parts of the Middle East, Asia and the Pacific. As of 2019, six countries in those regions have banned the Baha’i faith, according to Pew Research Center. Even so, the campaign serves as a warning to social media and mobile users everywhere.

“Today it is easy to distribute malware through social networks and remain undetected for months or more. This is why it is so important to be more alert than ever and to make sure that you are armed with threat intelligence and the right tools to protect against current threats and emerging,” said Chebyshev. The attack was seen active in the third quarter of this year.

The social media accounts created by the SandStrike campaign are made attractive with religious-themed graphic material, drawing in devout believers. The accounts contain a link to a Telegram channel created by the APT.

Using a malicious VPN app that infects Android devices

SandStrike uses Telegram to distribute what appears to be a legitimate VPN app. The idea is that a VPN service can allow access to religious-related material that is prohibited and not available to the public via other means. The attackers created a VPN infrastructure to make the malicious spyware application fully functional.

“The VPN client contains fully functional spyware with capabilities that allow threat actors to collect and steal sensitive data, including call logs and contact lists, as well as track any other activities of persecuted individuals,” Kaspersky said.

Kaspersky does not attribute the new malicious activity to any particular group and does not specify the number of infected people. The fact that the campaign targets a banned religious group suggests that geopolitics plays a role, which is an increasingly common theme in malware campaigns.

“Geopolitics continues to be a major driver of APT development and cyber espionage remains a primary target of APT campaigns,” Kaspersky noted in its most recent APT Trends Report.

APT attacks are geographically spread

Kaspersky noted that APT campaigns are also becoming more geographically dispersed, particularly in the Middle East. For example, FramedGolf, a previously undocumented IIS (Internet Information Services) backdoor found only in Iran, was discovered and is designed to establish a firm foothold in the targeted organizations, Kaspersky said in an APT Trends report.

Kaspersky said the malware has been used to infect at least a dozen organizations since at least April 2021, and most of them were still vulnerable as of late June 2022.

In the third quarter, Kaspersky also noticed an expansion of attacks in Europe, the United States, Korea, Brazil and various parts of Asia.

Mobile malware is on the rise

Malicious actors are also increasingly targeting mobile devices. Kaspersky blocked about 5.5 million malware, adware and riskware attacks targeting mobile devices in the second quarter of the year. Adware was involved in more than 25% of the attacks, but other threats such as mobile banking Trojans, mobile ransomware and malware downloaders were also seen.

In addition, the first quarter of the year saw a 500% increase in attempts to deliver malware to mobile devices in Europe, according to research by Proofpoint. The increase followed a sharp drop in attacks towards the end of 2021.

Attackers were also found to target Android devices far more than iOS devices. Proofpoint noted that iOS, unlike Android, does not allow users to install an app from an unofficial third-party app store or download it directly to the device.

Copyright © 2022 IDG Communications, Inc.
