October 4, 2023

A malicious Android installation package has been spotted targeting Indian defense personnel since at least July 2021.

The APK file, is a decoy copy of a promotion letter to the ‘Subs Naik’ rank, once the victim falls prey to this malicious APK, and upon installation, this app appears as an Adobe Reader application icon on the device.

The app asks for several permissions after installation, including camera, microphone, internet, and storage. Access to any one of these can be dangerous and catastrophic for national security.

The threat actors behind the tool were using a variant of Spymax RAT a tool whose source code is already available on underground forums. It offers numerous diversified packages builds that has the web view feature that allows threat actor to inject any web link into the web view module.

Advertisements

After the successful installation of the generated APK, it takes the shape of an actual Android app.

Researchers observed,  the threat actors used a Google Drive link pointing at a PDF file containing a list of Indian defense personnel who were awarded promotions to a higher rank. The link was reportedly shared through WhatsApp.

At the same time, based on the data analyzed, the research team said they could not attribute the current attack to a specific nation-state threat actor group.

This research was documented by researchers from The Cyfirma

Tags:

Leave a Reply

You may have missed

Qualcomm fixes Zero Day Vulnerabilities

October 4, 2023

AWS Console and MFA Requirements

October 4, 2023

Bunny Loader Malware-as-a-Service in Action

October 3, 2023

Google Android Security Updates – October 2023

October 3, 2023

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023
%d bloggers like this: