Connect with us

cybersecurity Tech News

Cyber-Mercenaries Target Android Users with Fake VPN Apps
Advertisement

cybersecurity Security

Network Infrastructure: A rising cyber battleground

cybersecurity Industry Mobile Phones News Operating Systems Tech News

A Malware Found on Android Apps Can Steal and Monitor All User Activities

cybersecurity Emerging Tech Softwares Tech News

African businesses beware! Everything you need to know about mitigating escalating DDoS cyberattacks

cybersecurity Databases Security Servers

US set to restrict China's access to cloud computing - WSJ

cybersecurity Internet Research Tech News

Why Vue.js Development Services are in High Demand for Building Responsive Web Applications

cybersecurity Internet Social Media

Latest WhatsApp beta update fixes ‘out of date’ error message

cybersecurity

DEKRA strengthens Cybersecurity Business - Onward Security becomes part of the DEKRA family in the APAC region

cybersecurity

EFCC nabs 28 in Nasarawa for cybercrime

cybersecurity

T-Mobile Says Hacker Stole Data for 37 Million Customers

cybersecurity

Cyber-Mercenaries Target Android Users with Fake VPN Apps

Malicious Apps can Exfiltrate Information from Signal, Viber, and Telegram

A hacking-for-hire group is distributing malicious apps through a fake SecureVPN website that enables Android apps to be downloaded from Google Play, say researchers at Eset.

Dubbed “Bahamut,” researchers from the cybersecurity firm discovered at least eight versions of the spyware. The apps were being used as part of a malicious campaign that used Trojanized versions of two legitimate apps – SoftVPN and OpenVPN. In both cases, the apps were repackaged with Bahamut spyware.

“The main purpose of the app modifications is to extract sensitive user data and actively spy on victims’ messaging apps,” the researchers say.

Exfiltration of sensitive data is conducted via keylogging, misusing Android’s accessibility service. It can also actively spy on chat messages exchanged through popular messaging apps including Signal, Viber, WhatsApp, Telegram, and Facebook Messenger.

The threat group also acts as a mercenary group, offering hacking-for-hire services that include espionage and disinformation services to target nonprofit organizations and diplomats across the Middle East and southern Asia.

Its initial attack vectors include spearphishing messages and fake applications, whose goal is to steal sensitive information from its victims.

The malicious application is delivered via the website thesecurevpn[.]com, a spoof of the real secureVPN site but which lacks the content or styling of the legitimate SecureVPN service (at the domain securevpn.com).

The thesecurevpn[.]com was registered on 2022-01-27, but the date for the initial distribution of the fake SecureVPN app is unknown.

Since Bahamut spyware distribution through websites began, eight versions of the spyware have been made available for download.

List of different versions:

  • SecureVPN_104.apk;
  • SecureVPN_105.apk;
  • SecureVPN_106.apk;
  • SecureVPN_107.apk;
  • SecureVPN_108.apk;
  • SecureVPN_109.apk;
  • SecureVPN_1010.apk;
  • SecureVPN_1010b.apk.

In October 2020, BlackBerry researchers identified the Bahamut group creating several fake news websites to push disinformation content. They also discovered a phishing infrastructure and malicious apps being installed in the official Google Play and Apple App stores and used to target specific victims and organizations.

Because the group’s targets lack a unifying pattern, the Blackberry researchers suggest that the hackers likely sell their services to the highest bidder.

Source: https://www.bankinfosecurity.com/cyber-mercenaries-target-android-users-fake-vpn-apps-a-20555

Post Views: 332
Related Topics:
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: