1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Watch out for these fake messaging apps on Android - they could b

    From TechnologyDaily@1337:1/100 to All on Thu Apr 11 12:45:05 2024
    Watch out for these fake messaging apps on Android - they could be spying on you

    Date:
    Thu, 11 Apr 2024 12:30:00 +0000

    Description:
    Threat actors were targeting people in Pakistan and India with information-stealing Android malware.

    FULL STORY ======================================================================

    Cybersecurity researchers from ESET found a handful of malicious Android apps that were spying on people and stealing sensitive information from their mobile devices.

    In a press release shared with TechRadar Pro earlier this week, the researchers said that a new threat actor group, which they dubbed Virtual Invaders, was active from late 2021.

    They created a number of Android apps, posing as communications products, which also came with the open-source XploitSPY malware. They called the campaign eXotic Visit. Low download count

    On the surface, the apps worked as intended, offering rudimentary communications services. However, behind the curtains lies malware that extracted peoples contact lists and files, the devices GPS locations, file names listed in specific directories related to the camera, downloads, and different messaging apps such as Telegram, or WhatsApp. If some file names showed promise, the attackers could extract them as well, it was said.

    To build the malware, the attackers seem to have taken the open-source
    Android Remote Access Trojan (RAT), XploitSPY, and modified it. While the
    apps offered rudimentary services, they came with a number of fake functionalities, too. Throughout the years, the attackers added new features, including better obfuscation techniques, emulator detectors, and more.

    There were more than a dozen apps, ESET said, with the three biggest ones being called Dink Messenger, Sim Info, and Defcom. All were being distributed via standalone websites, as well as Google Play, but all were subsequently removed from Googles app repository.

    Still, the chances of being infected by any of these are relatively low. Apparently, the attackers only targeted individuals in Pakistan and India,
    and were quite specific in their attacks. In total, there were roughly 380 downloads from the websites and the Play store. Each app has had up to 45 downloads. The distribution methods were not discussed, but they were most likely phishing and social engineering. More from TechRadar Pro Malware-riddled Android apps spotted on Google Play Store here's what to avoid Here's a list of the best firewalls around today These are the best endpoint security tools right now



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/watch-out-for-these-fake-messaging-apps -on-android-they-could-be-spying-on-you


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)