The download count on the apps developed by the ‘SecurITY Industry’ is comparatively low. This suggests that these apps are used selectively against specific targets.

How these apps are stealing data

The report claims that these apps request risky permissions from users during installation. These permissions include access to the user's contact list and precise location data. The apps then collect this data and send it to the attacker.

However, to access the target's current location, the GPS on the victim’s device needs to be active. In other cases, the app fetches the last known location of the device. The collected data is stored locally using Android's ROOM library. This data is later sent to the attacker's C2 server via an HTTP request. Cyfirma analysts have also discovered that the code base of the hackers' VPN app was copied from the legitimate Liberty VPN service.

How Cyfirma linked the operation to DoNot

The cybersecurity firm attributed the campaign to the DoNot threat group based on the specific use of encrypted strings. The techniques were associated with the alleged hacking group. The company also discovered that certain file names generated by the malicious apps were also linked to past DoNot campaigns.

Cyfirma researchers hint that the attackers have abandoned the tactic of sending phishing emails carrying malicious attachments. Instead, the group is now employing spear messaging attack tactics via WhatsApp and Telegram messaging platforms.