Eset, a company specializing in threat detection, Signal has sent a warning about malicious apps stealing contacts, messages, recorded phone calls and even chat messages from apps like Viber and Telegram.
The research team identified a campaign targeting Android users run by the following group: APT Bahamut.
You can read: Meta fined 265m euros for no data protection
The campaign is active since January 2022. distribute malicious apps through a rogue SecureVPN website that offers Android app downloads.
The virus used works under the name of SecureVP. It has no affiliation with N and the service and legal cross-platform software of the same name.
As part of the investigation, the main purpose of the changes made in the application was to seize confidential information and to spy on the messaging applications it uses.
You can read: EU approves use of mobile data on flights
“Targets targeted by malicious actors are believed to be carefully selected, as Bahamut spyware requests an activation key when it starts. Before VPN and spyware functionality is enabledEset said.
They also stated that both the activation key and the website link will be sent to previously reviewed users.
The criminals are using Trojanized versions of the two apps used to connect. VPN, SoftVPN or OpenVPN, taking advantage of the reputation of these legitimate tools.
Eset reported that through its distribution website it was able to identify eight versions of these apps that were patched with code changes, and that they were running through a rogue SecureVPN website.
Elon Musk threatens Google and Apple if they thwart Twitter plans
Feid is already on Waze: so he can put the voice of ‘el Ferxxo’ on ‘practice’
Source: Exame
