Researchers from the cybersecurity company ESET identified this year a criminal campaign to distribute malware targeting Android users, a campaign led by the Bahamut APT group. According to the report, the action has been active since January 2022 using a fake SecureVPN app.
In this case, the focus of the malicious file is to silently collect the victim’s sensitive data, such as contact list, text messages received via SMS, call log and location. This malware is also able to intercept notifications from messengers such as WhatsApp, Telegram, Signal, Viber and Messenger.
As the ESET report explains, the group of cybercriminals responsible for the malware often prioritize entities and individuals located in the Middle East and South Asia in their attacks, using phishing as the main tactic used to trick users into installing the spyware file on their device. .
The infected application is made available on a website that simulates SecureVPN’s branding, which has nothing to do with the fraudulent action of cybercriminals. Installation requires that the ‘Unknown sources’ function is enabled in the phone’s settings, a permission that is not required when downloading apps directly from the Play Store.
By requiring manual installation through the browser, digital security experts advise Android users not to download applications outside the native Google store, an action that could put the phone in danger.
Do you often download apps outside the Play Store? Did you know about the risks? Tell us, comment!