Indian APT Group Targets Pakistan with Spyware and Romance Scam Strategy

Another attack has been discovered between India and Pakistan, who are close friends. This time, Indian hackers targeted individuals and organizations in Pakistan. The hackers, who mainly relied on a romance scam strategy, even fooled Google Play.

[Boannews reporter Moon Ga-yong] Patchwork, an Indian APT group, was recently discovered to be distributing six malicious apps through Google Play, the official application store. The six apps were disguised as regular messaging apps or news services. However, they contained a RAT called VajraSpy. This RAT is new malware that had never been discovered before.

It was the security company ESET that discovered Patchwork’s campaign. When ESET researchers analyzed VajraSpy, they discovered the following features:
1) Intercept calls
2) Intercept SMS text messages
3) Get files
4) Steal contact information
5) Steal WhatsApp and Signal messages
6) Record call history
7) Take photos with the camera

ESET’s analysis showed that the six malicious applications containing VajraSpy were downloaded more than 1,400 times overall. But the campaign does not end there. Many apps containing VajraSpy were discovered not on Google Play but in unofficial third-party stores. Apps with names like Privee Talk, MeetMe, Let’s Chat, Quick Chat, Rafaqat and Faraqat have been analyzed as dangerous.

“Based on what we have seen so far, the Patchwork attackers using VajraSpy are believed to be primarily targeting users in Pakistan. In the case of Rafaqat, one of the malicious apps, the name of a very popular cricketer in Pakistan was included in the Google Play developer information. Additionally, you are required to enter a phone number when you create an account, and the country code for Pakistan is entered in the phone number field by default. In fact, most of the compromised equipment is located in Pakistan.”

ESET explains that the strategy attackers typically use to entice victims to download and install the app is a “romance scam.” “It appears that the attacker met the victim on different platforms and established a relationship with them. After forming a loving relationship, the attacker presents the app and asks them to install it. It’s tempting to say, ‘Let’s talk to each other through this chat app.’”

All six of the above apps have now been removed from Google Play. Patchwork has been known to target Pakistan for a long time.

Three-line summary
1. Indian APT group Patchwork slips malicious apps into Google Play.
2. The spyware is spread primarily against targets in Pakistan.
3. The strategy Patchwork uses to get the spyware installed is a romance scam.
[Moon Ga-yong, International Desk reporter (globoan@boannews.com)]

(www.boannews.com) Reproduction and redistribution prohibited