This Malicious VPN Targets Android Devices With Spyware
Followers of a small and relatively new religion growing in Iran and parts of the Middle East are being targeted by spyware distributed via a malicious VPN, according to new findings from Kaspersky.
In its report, the company said that practitioners of the Baháʼí Faith are being targeted with SandStrike spyware, which is delivered to their endpoints via a malicious VPN service.
Whoever is behind the attack has set up several Facebook pages and groups, Instagram accounts and Telegram channels that claim to promote the teachings of the Baháʼí Faith in order to attract more believers (and other curious people) to join. However, the accounts are used to promote the VPN service, on the grounds that it can be used to bypass censorship of religious material in certain regions.
Legit VPNs
The download links are distributed via Telegram, where its groups have more than 1,000 followers, Kaspersky said.
The researchers found that the VPN app being advertised was functional and working as intended. They also say it even has its own VPN infrastructure, but that installing the client also installs the SandStrike spyware, which collects sensitive or personal information for the attackers.
The data SandStrike collects includes call logs and contact lists, but it will also monitor the entire device, to better track victim behavior.
Android spyware is a common threat, but attackers often hunt for payment data, crypto wallets, and the like. In fact, an updated version of the Banker Android spyware was discovered at the end of September 2022. This spyware steals the victim’s banking information and possibly even money in a number of cases.
According to Microsoft cybersecurity researchers, an unknown threat actor has initiated a phishing campaign (SMS phishing) through which it tries to trick people into downloading TrojanSpy:AndroidOS/Banker.O. This malware variant is capable of extracting all kinds of sensitive information, including two-factor authentication (2FA) codes, account login details, and other personally identifiable information (PII).
Via: BleepingComputer