However, starting in 2020, it periodically redirected users to a malicious domain that delivered an infected version of the app. This version included a script that installed two executables on the device, creating a persistent backdoor.
Once activated, the backdoor launched a reverse shell that allowed attackers to control the device remotely. Kaspersky Lab security researchers, who discovered the malware, analyzed its behavior. The program collected sensitive data such as system information, browsing history, passwords, and even credentials for cloud services such as AWS, Google Cloud, and Azure. This information was then uploaded to the attackers’ infrastructure.
This incident highlights the importance of being careful when downloading software and regularly updating protection against such threats.
Source: Ferra
I am a professional journalist and content creator with extensive experience writing for news websites. I currently work as an author at Gadget Onus, where I specialize in covering hot news topics. My written pieces have been published on some of the biggest media outlets around the world, including The Guardian and BBC News.
