This malicious VPN targets Android devices with spyware

Followers of a small and relatively new religion in Iran and parts of the Middle East are being targeted by spyware delivered via a malicious VPN service, according to new findings from Kaspersky.

Practitioners of the Baha’i faith are being targeted by SandStrike spyware, which is delivered to their endpoints via a malicious no-name VPN service, the company says in its report.

Whoever is behind the attack has created several Facebook pages and groups, Instagram accounts, and a Telegram channel that claim to promote the teachings of the Baha’i Faith, in order to attract as many believers (and other curious people) as possible. In practice, the accounts are used to promote the VPN service, which is pitched as a way to bypass censorship of religious material in certain regions.

Legitimate VPN

The download links are distributed via Telegram, whose groups have more than 1,000 followers, Kaspersky says.

The researchers found that the VPN app being advertised is functional and works as intended. They also said it has its own VPN infrastructure, but installing the client also installs the SandStrike spyware, which exfiltrates sensitive or personally identifiable information for the attackers.

The data SandStrike collects includes call logs and contact lists, but it will also monitor the entire device, to better track the victim’s behavior.

Android spyware is a common threat, but attackers usually look for payment data, cryptocurrency wallets, and the like. In fact, an updated version of the Banker Android spyware was discovered in late September 2022. This spyware steals the victim’s bank details and maybe even money in some cases.

According to Microsoft cybersecurity researchers, an unknown actor has started an SMS phishing campaign, through which it is trying to trick people into downloading TrojanSpy:AndroidOS/Banker.O. This is a malware variant capable of extracting all kinds of sensitive information, including two-factor authentication (2FA) codes, account login details, and other personally identifiable information (PII).

Across: Computer
