trojanized apps

AppWizard
July 2, 2024
Transparent Tribe, a hacking operation linked to Pakistan, has been using malicious Android apps to deploy the CapraRAT spyware in a surveillance campaign targeting gamers and weapons enthusiasts. The attacks involved hiding CapraRAT within the APKs of popular apps like "Crazy Game," "Sexy Videos," "Weapons," and "TikToks," and exploiting various permissions for location, SMS, call log access, phone calls, audio and video recording, and screenshot capturing. The recent intrusions did not require account authentication or package installations, indicating a shift towards surveillance activities. Targeting newer versions of the Android OS makes sense, as Transparent Tribe focuses on individuals within the Indian government or military who are less likely to use older Android versions like Lollipop.
AppWizard
June 17, 2024
The Arid Viper APT group has been targeting Android users in the Middle East since 2022 through five campaigns. They use trojanized apps impersonating legitimate ones, such as messaging apps and a civil registry app. The AridSpy malware has evolved into a multi-stage trojan that downloads additional payloads from a command-and-control server. The group uses the myScript.js script to connect distribution websites and identify additional campaigns.
AppWizard
June 15, 2024
- ESET researchers discovered five campaigns targeting Android users in Egypt and Palestine with trojanized apps.
- The campaigns started in 2022 and are believed to be orchestrated by the Arid Viper APT group.
- Three of the campaigns are still active.
- The spyware, known as AridSpy, is distributed through deceptive websites posing as popular messaging apps, a job search app, and a Palestinian Civil Registry app.