Forwarded from Pegasus NSO & other spyware
Android spyware camouflaged as VPN, chat apps on Google Play – June 2023
Togo: Hackers-for-hire in West Africa: Activist in Togo attacked with Indian-made spyware - Amnesty International – 2021
DoNot APT Elevates its Tactics by Deploying Malicious Android Apps on Google Play Store - CYFIRMA – 2023
#DoNot #APT #India #Africa #Togo #spyware #GooglePlay
Three Android apps on Google Play were used by state-sponsored threat actors to collect intelligence from targeted devices, such as location data and contact lists.
The malicious Android apps were discovered by Cyfirma, who attributed the operation with medium confidence to the Indian hacking group "DoNot," also tracked as APT-C-35, which has targeted high-profile organizations in Southeast Asia since at least 2018.
In 2021, an Amnesty International report linked the threat group to an Indian cybersecurity firm and highlighted a spyware distribution campaign that also relied on a fake chat app.Togo: Hackers-for-hire in West Africa: Activist in Togo attacked with Indian-made spyware - Amnesty International – 2021
DoNot APT Elevates its Tactics by Deploying Malicious Android Apps on Google Play Store - CYFIRMA – 2023
#DoNot #APT #India #Africa #Togo #spyware #GooglePlay
Forwarded from Pegasus NSO & other spyware
RedEyes Group Wiretapping Individuals (APT37) - ASEC BLOG – June 2023
#Korea #APT #RedEyes #APT37 #StarCruft #Reaper
RedEyes (also known as APT37, ScarCruft, and Reaper) is a state-sponsored APT group that mainly carries out attacks against individuals such as North Korean defectors, human rights activists, and university professors. Their task is known to be monitoring the lives of specific individuals. In May 2023, AhnLab Security Emergency response Center (ASEC) discovered the RedEyes group distributing and using an Infostealer with wiretapping features that was previously unknown along with a backdoor developed using GoLang that exploits the Ably platform.#Korea #APT #RedEyes #APT37 #StarCruft #Reaper
Forwarded from Pegasus NSO & other spyware
Sponsor with batch-filed whiskers: Ballistic Bobcat’s scan and strike backdoor | welivesecurity
#APT #BallisticBobcat #backdoor #Israel #Iran #UAE
ESET Research uncovers the Sponsoring Access campaign, which utilizes an undocumented Ballistic Bobcat backdoor we have named Sponsor
ESET researchers discovered a Ballistic Bobcat campaign targeting various entities in Brazil, Israel, and the United Arab Emirates, using a novel backdoor we have named Sponsor.
We discovered Sponsor after we analyzed an interesting sample we detected on a victim’s system in Israel in May 2022 and scoped the victim-set by country. Upon examination, it became evident to us that the sample was a novel backdoor deployed by the Ballistic Bobcat APT group#APT #BallisticBobcat #backdoor #Israel #Iran #UAE
Forwarded from Pegasus NSO & other spyware
Evasive Panda leverages Monlam Festival to target Tibetans | ESET
#EvasivePanda (also known as #BronzeHighland and #Daggerfly)
#APT #Trojan #Tibet
ESET researchers discovered a #cyberespionage campaign that, since at least September 2023, has been victimizing Tibetans through a targeted watering hole, and a supply-chain compromise to deliver trojanized installers of Tibetan language translation software. The attackers aimed to deploy malicious downloaders for Windows and macOS to compromise website visitors with MgBot and a backdoor that, to the best of our knowledge, has not been publicly documented yet; we have named it #Nightdoor.#EvasivePanda (also known as #BronzeHighland and #Daggerfly)
is a Chinese-speaking APT group, active since at least 2012. ESET Research has observed the group conducting cyberespionage against individuals in mainland China, Hong Kong, Macao, and Nigeria. Government entities were targeted in Southeast and East Asia, specifically China, Macao, Myanmar, The Philippines, Taiwan, Vietnam,China and Hong Kong, India, and Malaysia#APT #Trojan #Tibet
Forwarded from Pegasus NSO & other spyware
XAgent Spyware Targeting iOS Devices in Western Europe: Analysis of Capabilities – Linkedin
Via @androidMalware
#iOS #XAgent #Spyware #Espionage #APT #APT28 #Sofacy #FancyBear
XAgent is a spyware targeting iOS devices, representing a mobile implant. Publicly attributed to the group APT28 (also known as Sofacy or Fancy Bear), XAgent is consistent with TTPs of targeting government entities, political organizations, and individuals of interest for cyber espionage purposes.
The XAgent iOS implant exhibits advanced functionalities for comprehensive data collection, exfiltration and potential remote control, aligning with APT28's objectives of gathering intelligence and maintaining persistent access to compromised systems.Via @androidMalware
#iOS #XAgent #Spyware #Espionage #APT #APT28 #Sofacy #FancyBear
Forwarded from Pegasus NSO & other spyware
Arid Viper poisons Android apps with AridSpy | WeLiveSecurity
Via @androidmalware
#Palestine #Egypt #AridSpy #Android
#Trojan #AridViper #APT
ESET researchers have identified five campaigns targeting Android users with trojanized apps. Most probably carried out by the Arid Viper APT group, these campaigns started in 2022 and three of them are still ongoing at the time of the publication of this blogpost. They deploy multistage Android spyware, which we named AridSpy, that downloads first- and second-stage payloads from its C&C server to assist it avoiding detection.
The malware is distributed through dedicated websites impersonating various messaging apps, a job opportunity app, and a Palestinian Civil Registry app. Often these are existing applications that had been trojanized by the addition of AridSpy’s malicious code.
Via @androidmalware
#Palestine #Egypt #AridSpy #Android
#Trojan #AridViper #APT