
DONOT Group Releases Malicious Android Apps in India


An advanced persistent threat group known as “DONOT Team” has been identified as using two almost identical Android applications in a campaign aimed at gathering intelligence on individuals and groups in India considered to be of national security interest.

The apps in question, named “Tanzeem” and “Tanzeem Update,” present themselves as chat applications but do not function as advertised. Instead, once installed on a device, they prompt the user to enable Android’s accessibility service and to grant permissions that are easily abused. The apps then close and covertly harvest information from the compromised device, according to researchers at Cyfirma, who recently uncovered this new wave of the DONOT campaign.

Cyfirma has highlighted the broader scope of DONOT Team’s operations, which extend beyond merely collecting intelligence on internal threats to targeting various organizations across South Asia. The aim of the campaign appears to be to gather strategic intelligence crucial to India’s interests, according to the security vendor.

Upon analyzing the Tanzeem apps, Cyfirma discovered that they leverage OneSignal, a widely used customer engagement platform, to send push notifications to users who install either of the apps on their devices. This functionality enables the apps to prompt users to initiate a fake chat, leading them to inadvertently enable Android accessibility services and grant permissions that allow for the extraction of sensitive data from their devices.

Additionally, the malicious apps were found to possess permissions enabling them to access call logs, contact information, text messages, and even real-time location tracking of the compromised device. Cyfirma noted that the threat actors behind DONOT Team’s activities are continuously evolving their tactics, using push notifications to install additional malicious payloads on compromised devices to ensure persistence and enhance the malware’s ability to continue intelligence gathering.
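The combination the report describes, an app that declares an accessibility service while also requesting call-log, contact, SMS and fine-location permissions, is something a defender can check for mechanically in a decoded APK's AndroidManifest.xml. The following triage script is an added example written for this article; it is not Cyfirma's tooling and it does not use the real Tanzeem manifests. The two manifests embedded in it are constructed samples, and the package names, service name and risk thresholds are assumptions chosen for illustration.

```python
"""Triage heuristic for Android manifests.

Flags an app that pairs an accessibility service (a common abuse vector for
self-granting permissions and reading screen content) with permissions that
expose call logs, contacts, SMS and precise location. Run it against the
AndroidManifest.xml of a decoded APK.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS
PERM_ATTR = "{%s}permission" % ANDROID_NS

# Permission set named in the report: call logs, contacts, SMS, real-time location.
SENSITIVE_PERMISSIONS = {
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample: a "chat" app that declares an accessibility service and
# requests the full sensitive set. Package and class names are invented.
SUSPICIOUS_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakechat">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <application android:label="Chat">
        <service android:name=".AccessHelper"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""

# Constructed sample: an ordinary app that only needs network access.
BENIGN_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Notes"/>
</manifest>
"""


def analyze_manifest(xml_text):
    """Return a dict describing the sensitive permissions requested, whether an
    accessibility service is declared, and a coarse risk level."""
    root = ET.fromstring(xml_text)
    requested = {e.get(NAME_ATTR) for e in root.iter("uses-permission")}
    sensitive = sorted(requested & SENSITIVE_PERMISSIONS)
    # An accessibility service is recognisable by the BIND_ACCESSIBILITY_SERVICE
    # permission on its <service> element.
    has_accessibility = any(
        s.get(PERM_ATTR) == ACCESSIBILITY_BIND for s in root.iter("service")
    )
    # Assumed thresholds: the pairing is what makes the combination dangerous.
    if has_accessibility and len(sensitive) >= 2:
        risk = "high"
    elif has_accessibility or sensitive:
        risk = "medium"
    else:
        risk = "low"
    return {
        "package": root.get("package"),
        "sensitive_permissions": sensitive,
        "declares_accessibility_service": has_accessibility,
        "risk": risk,
    }


if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, analyze_manifest(manifest))
```

The heuristic deliberately keys on the pairing rather than on any single permission: many legitimate apps declare an accessibility service or read contacts, but a self-described chat app that needs both an accessibility service and call logs, SMS and precise location at once warrants manual review of what the service actually does once enabled.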

DONOT Team, also known by other monikers such as APT-C-35, SectorE02, and Viceroy Tiger, is a prominent threat group with ties to India that has been active since at least 2016. The group has been implicated in numerous cyber-attacks and data theft campaigns targeting entities in South Asia, with recent reports linking it to espionage activities aimed at manufacturing companies in Pakistan associated with the defense and maritime industries.

Security researchers, including those at ESET, have documented DONOT Team’s use of sophisticated Windows and Android malware in espionage campaigns across multiple countries in South Asia. Cyfirma, for instance, previously uncovered malicious Android apps that the threat actor had placed on Google Play to target individuals in Kashmir and Pakistan.

DONOT Team is just one of several APT groups believed to be operating from India, engaging in a range of malicious activities such as online extortion scams, hacktivism, cyber espionage, and surveillance. Experts attribute some of this cyber activity to geopolitical tensions in the region and the overall surge in cybercrime across South Asia in recent years.
