
APT C-23 Targeting Android Users In Middle East With Spyware

A report has been released detailing new variants of Android spyware associated with the APT C-23 group. The new variants boast improved stealth and persistence features and target individuals in the Middle East.

What has been observed?

According to Sophos researchers, the spyware impersonates an update app, using a generic icon and names containing words such as App Updates, System Apps Updates, or Android Update Intelligence.

  • It spreads via a download link in a text message sent to the target’s phone.
  • When the spyware app is opened for the first time, it asks for several permissions that give it control over the phone. The attackers rely on social engineering to get these permissions granted, claiming they are essential for the app to function.
  • After obtaining the required permissions, the spyware masks itself using the name and icon of a genuine app. Doing so makes it harder for users to spot or manually remove the spyware.

More about the new variants

The new variants of the spyware hide behind well-known app icons such as Chrome, Google Play, YouTube, Google, or the BOTIM voice-over-IP service.

  • If the victims click on a fraudulent icon, the spyware executes a genuine version of the app, while performing surveillance in the background.
  • The new variants share code with other malware samples linked with APT C-23. 
  • The researchers found Arabic language strings in the code, and some of the text can be shown in either English or Arabic, depending on the language setting of the victim's phone.
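The masquerading described above (a generic "update" app on first install, later a fake Chrome, Google Play, YouTube, Google, or BOTIM icon) leaves a signal a defender can check for: the app's display label claims to be a well-known app, but its package name is not the official one, or it was sideloaded rather than installed from Google Play. The following triage script is an added example and not part of the original article or the Sophos research; it parses constructed `adb shell pm list packages -i` output together with a constructed package-to-label map, and the official package names it assumes should be verified against your own device inventory.

```python
"""
Triage helper: flag installed Android apps whose display label imitates a
well-known app but whose package name does not match, or whose label looks
like an "update" app that was not installed from Google Play.

Input: the text of `adb shell pm list packages -i` (one
"package:<name>  installer=<pkg|null>" line per app) plus a mapping of
package name -> display label (e.g. collected with `aapt dump badging`).
All sample data below is constructed for this example.
"""
import re
from dataclasses import dataclass

# Assumed official package names for the apps the spyware impersonates.
# Verify these against your own inventory before relying on them.
OFFICIAL_PACKAGES = {
    "chrome": "com.android.chrome",
    "google play": "com.android.vending",
    "google play store": "com.android.vending",
    "youtube": "com.google.android.youtube",
    "google": "com.google.android.googlequicksearchbox",
    "botim": "im.thebot.messenger",
}

TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play

# Matches lines such as "package:com.example.app  installer=null"
PM_LINE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


@dataclass
class Finding:
    package: str
    label: str
    reason: str


def parse_pm_list(text: str) -> dict:
    """Return {package: installer_or_None} from `pm list packages -i` output."""
    result = {}
    for line in text.splitlines():
        m = PM_LINE.match(line.strip())
        if m:
            installer = m.group("installer")
            result[m.group("pkg")] = None if installer == "null" else installer
    return result


def find_impostors(installers: dict, labels: dict) -> list:
    """Produce review candidates; this is a heuristic, not a verdict."""
    findings = []
    for pkg, label in labels.items():
        key = label.strip().lower()
        installer = installers.get(pkg)
        sideloaded = installer not in TRUSTED_INSTALLERS

        official = OFFICIAL_PACKAGES.get(key)
        if official is not None and pkg != official:
            # Label borrowed from a well-known app, but the package is not it.
            findings.append(Finding(pkg, label,
                f"label '{label}' belongs to {official}; installer={installer}"))
        elif "update" in key and sideloaded:
            # Generic "update" app that did not come from Google Play.
            findings.append(Finding(pkg, label,
                f"update-style label not installed from Play; installer={installer}"))
    return findings


# Constructed sample inventory: a preinstalled Chrome (installer null is
# normal for system apps), a Play-installed YouTube, a sideloaded "System Apps
# Updates" app, and a sideloaded app calling itself YouTube.
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome  installer=null
package:com.google.android.youtube  installer=com.android.vending
package:com.example.sysupdate  installer=null
package:com.example.video  installer=null
package:com.example.notes  installer=com.android.vending
"""
SAMPLE_LABELS = {
    "com.android.chrome": "Chrome",
    "com.google.android.youtube": "YouTube",
    "com.example.sysupdate": "System Apps Updates",
    "com.example.video": "YouTube",
    "com.example.notes": "Notes",
}

if __name__ == "__main__":
    for f in find_impostors(parse_pm_list(SAMPLE_PM_OUTPUT), SAMPLE_LABELS):
        print(f"{f.package}: {f.reason}")
```

On the constructed inventory the script flags `com.example.video` (label "YouTube", wrong package) and `com.example.sysupdate` (update-style label, sideloaded) while leaving the genuine Chrome and YouTube alone. Anything it reports still needs manual review, since a sideloaded legitimate app will also appear.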

A common flaw in the previous variants

  • Previous versions of this malware relied on a single C2 domain that was embedded in the app and controlled by the attackers. If a defender discovered and took down that domain, the spyware stopped working.
  • The newer versions fix this weakness: the spyware can switch to a different C2 domain, which allows it to keep operating even after the original domain is taken down.

Conclusion

The attackers trick victims into installing malicious apps by presenting them as legitimate ones. To stay protected, users are advised to install apps only from official sources such as Google Play. In addition, always update the Android OS and applications through Android Settings and Google Play, respectively, as soon as patches are available.

Source: https://cyware.com/news/apt-c-23-targeting-android-users-in-middle-east-with-spyware-a1ae7657
