Android users are being targeted by threat actors using spyware known as SandStrike, which is delivered via malware-infected VPN applications. In short, threat actors have been circulating extremely stealthy and sophisticated spyware inside a VPN application.
Cybersecurity researchers at Kaspersky lab reported that an espionage campaign was carried out by threat actors using SandStrike in which they targeted the Persian-speaking minority religion, “Baháʼí,” this religion is mainly developed in some parts of the Middle East and Iran.
This malicious VPN app is being marketed by attackers as a simple method of evading censorship of religious materials in some particular parts of the world.
For distribution channels, threat actors actively target social media platforms with fake accounts on Facebook and Instagram with 1000 followers. With these fake social media accounts, threat actors redirect victims to a Telegram channel operated by them.
On the Telegram channel operated by the threat actors, several malicious links are provided to download and install the malicious VPN app. Though the app is malicious, but, it uses its own VPN infrastructure, which implies that the malicious VPN is completely practical and operational.
The fake accounts that are used by the threat actors are designed with religious-themed materials to target the followers of the Baháʼí religion.
With the installation of the VPN, the SandStrike also gets deployed on the targeted devices which has the ability to steal a wide range of sensitive data from the victims’ devices.
The data includes:-
There was a considerable amount of change in the tactics, toolsets, and techniques utilized by APT actors during the third quarter of 2022.
Among the new trends, we have mentioned a few of them:-
In early September, the telco industries, education sectors, and ISPs in Africa and the Middle East were plagued with a novel malware platform named Metatron.
Security analysts have come up with the following recommendations as a way to prevent being attacked by threat actors:-
Managed DDoS Attack Protection for Applications – Download Free Guide
Security researchers have published a Proof-of-Concept (PoC) exploit for a critical vulnerability in the widely used PuTTY SSH and Telnet…
Modern cars have microcontrollers that use the Controller Area Network (CAN) to perform safety and luxury functions. However, vehicle hijacking…
The latest Nexusguard DDoS Trend Report for 2024 has unveiled a significant escalation in the size of Distributed Denial of…
Researchers have identified a new form of cyberattack termed "LLMjacking," which exploits stolen cloud credentials to hijack cloud-hosted large language…
In a recent cybersecurity breakthrough, researchers have unveiled significant updates to the HijackLoader malware, a sophisticated modular loader notorious for…
The North Korean hacking group known as Kimsuky has been reported to employ sophisticated methods involving social media platforms and…