In the recent era, hackers are constantly evolving and using their techniques to execute new attack vectors to target users from different sectors across the globe, as reported by the security researchers at Cyble.
The spyware campaign that currently uncovered mainly targeting the Indian military personnel, and since January 2021 this campaign has been active.
The cybersecurity experts of Cyble along with 360 Core Security Lab have recently detected the PJobRAT spyware in dating and instant messaging apps. Not only that even, the analysts have also claimed that the spyware samples disguised themselves as Android dating apps.
Since December 2019 the recent version of PJobRAT spyware has been around, as reported by the researchers at 360 Core Security Lab.
While during their investigation they detected that for Non-resident Indians this recent variant is disguising as a famous dating app known as “Trendbanter,” and mimicking the instant messaging app, Signal as well.
In some cases, the researchers have identified that it also imitate other apps as well, and here they are mentioned below:-
Moreover, through different medium and third-party app stores, the threat actors accomplish their distribution goals in which they distribute all these spyware.
While the experts have asserted that to hide in the app list, it imitates WhatsApp or any genuine-looking app. But, the most bizarre thing is that it doesn’t even match the icon shown in the app store with the installed one.
The types of documents that it able to exfiltrate from the infected device are mentioned below:-
The complete list of abilities of PJobRAT spyware is mentioned below:-
In terms of its code, the spyware remains the same, and not only that even it also interacts with the same infrastructure as well.
But, the analysts have affirmed that the threat actors behind this spyware are not so sophisticated, since their private servers are publicly accessible in which they hold the exfiltrated data.
The security researchers at 360 Core Security Lab has concluded that the threat actors behind PJobRAT spyware could be Chinese or Pakistani hackers, and that’s why their primary goal was to spy on Indian military personnel.
You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.
Penetration testing companies play a vital role in strengthening the cybersecurity defenses of organizations by…
Cybersecurity researchers continue to track sophisticated "Click Fix" style distribution campaigns that deliver the notorious…
In a novel and concerning development, multiple U.S. organizations have reported receiving suspicious physical letters…
The cybersecurity landscape has recently been impacted by the emergence of the Strela Stealer malware,…
A recent discovery by the Socket Research Team has unveiled a malicious PyPI package named…
A recent cybersecurity threat has emerged where unknown attackers are exploiting a critical remote code…