This malicious VPN targets Android devices with spyware
Adherents of a small and relatively new religion developing in Iran and parts of the Middle East are being targeted by spyware delivered via a malicious VPN service, according to new findings from Kaspersky.
In its report, the company says practitioners of the Bahá’í Faith have been targeted by SandStrike spyware, which is delivered to their endpoints via a malicious, undisclosed VPN service.
Whoever is behind the attack has set up several Facebook pages and groups, Instagram accounts and a Telegram channel that claim to promote the teachings of the Bahá’í Faith, in order to attract as many believers (and other curious people) as possible. However, the accounts are used to promote the VPN service, under the pretense that it can be used to circumvent the censorship of religious material in certain regions.
Legitimate VPN
The download links are distributed via Telegram, where the attackers' groups have more than 1,000 followers, Kaspersky says.
The VPN app advertised is functional and works as intended, the researchers found. They also said it even has its own VPN infrastructure, but installing the client also installs the SandStrike spyware, which exfiltrates sensitive or personally identifiable information to the attackers.
The data SandStrike collects includes call logs and contact lists, but it will also monitor the device as a whole to better track the victim’s behavior.
Android spyware is a common threat, but the attackers usually prey on payment details, cryptocurrency wallets and the like. In fact, an updated version of the Banker Android spyware was detected at the end of September 2022. This spyware steals the victim’s banking information and possibly even money in some cases.
According to cybersecurity researchers at Microsoft, an unknown threat actor has launched a smishing campaign (SMS phishing) trying to trick people into downloading TrojanSpy:AndroidOS/Banker.O. This is a malware variant capable of extracting all kinds of sensitive information, including two-factor authentication (2FA) codes, account credentials, and other personally identifiable information (PII).
Via: BleepingComputer