Rogue Android apps listed on the Google Play Store are targeting their users, an investigation shows.
CYFIRMA, a cybersecurity firm, identified two rogue Android apps, nSure Chat and iKHfaa VPN, that were hosted on the Google Play Store and were used to extract user data.
The apps were created by a developer called “SecurITY Industry”, which, according to the researchers, is associated with the hacker group known as "DoNot". This threat group has been actively targeting individuals in Pakistan and South East Asia.
“Technical analysis indicates that the motive behind the attack is to gather information via the stager payload and use the gathered information for the second-stage attack, using malware with more destructive features,” said CYFIRMA.
The apps give threat actors access to users’ contact lists and locations, which allows them to strategize future attacks and employ Android malware with advanced features to target and exploit victims.
According to the researchers, the threat actor employed a spear messaging attack on platforms such as Telegram or WhatsApp. The purpose of this attack was to deceive victims into installing an application from the Google Play Store.
Previously, the threat actor used spear-phishing attacks that relied on malicious Word documents containing macros. These attacks specifically targeted multiple regions in South Asia, while disguising themselves as chat apps and distributing Android malware.