HomeCII/OTGoogle Play exploited to distribute 'Patchwork' APT's espionage apps

Google Play exploited to distribute ‘Patchwork’ APT’s espionage apps

Published on

spot_img

An Indian APT cybercrime group known as Patchwork has been discovered using Google Play to distribute six different Android espionage applications, posing as legitimate messaging and news services. These applications were found to contain a newly discovered remote access Trojan (RAT) called VajraSpy.

Researchers from ESET, who uncovered the campaign, found that the VajraSpy RAT is capable of intercepting calls, SMS messages, files, contacts, and more. Additionally, the malware can extract WhatsApp and Signal messages, record phone calls, and take camera pictures. The researchers found that the RAT-tainted applications were downloaded from the Google Play store over 1,400 times.

In addition to the six Google Play apps being used to deliver VajraSpy, the ESET team also found an additional six being distributed in third-party and unofficial app stores. These phony apps include Privee Talk, MeetMe, Let’s Chat, Quick Chat, Rafagat, and Faraqat.

The campaign targeted mostly Pakistani users, as indicated by several identifying factors. For example, one of the malicious apps used the name of a popular Pakistani cricket player as the developer name on Google Play. Additionally, apps that requested a phone number upon account creation had the Pakistan country code selected by default, and many of the compromised devices discovered through the security flaw were located in Pakistan.

To entice victims into downloading the apps, the cybercriminals used the promise of love in targeted attacks. ESET’s report revealed that the threat actors likely used targeted honey-trap romance scams, initially contacting the victims on another platform and then convincing them to switch to a trojanized chat application.

Upon discovering the malicious apps, ESET reported them to Google, and they have since been removed from the Play store.

The discovery of the Indian APT group’s use of Google Play to distribute Android espionage applications highlights the ongoing threat of cybercrime and the need for users to exercise caution when downloading apps. This incident serves as a reminder of the importance of cybersecurity measures and the need for continued vigilance in the face of evolving cyber threats.

Source link

Latest articles

Parrot 7.3 Released with New Menu System and Improved Daily Usability

Parrot 7.3 Released: A Focus on Refinement and Usability In a strategic move, the Parrot...

How Renown Health Is Transforming Its Digital ID Strategy

Renown Health Innovates Digital Identity Management with Advanced Security Measures Renown Health, a prominent not-for-profit...

Medtronic Breach Affects 3.8 Million Individuals

Medtronic, one of the leading medical technology manufacturers globally, has recently taken steps to...

Ransomware Groups Adopt Citrix Bleed 2, BYOVD, and Supply Chain Credentials

Anubis Ransomware Operation: Exploiting Vulnerabilities for Malicious Gains The Anubis ransomware operation has recently been...

More like this

Parrot 7.3 Released with New Menu System and Improved Daily Usability

Parrot 7.3 Released: A Focus on Refinement and Usability In a strategic move, the Parrot...

How Renown Health Is Transforming Its Digital ID Strategy

Renown Health Innovates Digital Identity Management with Advanced Security Measures Renown Health, a prominent not-for-profit...

Medtronic Breach Affects 3.8 Million Individuals

Medtronic, one of the leading medical technology manufacturers globally, has recently taken steps to...