Cybercriminals use fake VPNs to install spy apps on Android phones



The campaign, ongoing since the beginning of the year, uses malicious versions of known apps in targeted attacks to steal conversations

A cybercriminal group called Bahamut uses malicious versions of popular VPN apps to install spy apps on victims’ Android phones. The contradiction is that, in this seemingly targeted campaign, users’ pursuit of greater security results in the theft of personal information, conversations and other sensitive details.




The wave of infections has been going on since January this year, but according to experts at cybersecurity firm ESET, it appears to be highly targeted. At least eight compromised versions of software such as OpenVPN, SecureVPN and SoftVPN, including fake websites, were allegedly used in the attacks; the initial infection vector has not been confirmed, but the likely candidates are emails and social media messages with malicious download links.

The targeted nature of the campaign is also indicated by the use of a specific activation code, which, once entered, activates the spyware on the victims’ mobile phones. The malware then starts recording typed data and also captures conversations held via SMS or applications such as WhatsApp, Telegram and Signal. Other information such as call logs and geographic location is also collected, with the entire volume being sent to servers under the control of the scammers.




The targeted campaign had no specific goals, but uses fake websites and external downloads to contaminate Android phones with spyware (Image: Playback/ESET)

The purpose of the wave of infections is not known for certain, as Bahamut is not directly associated with any country, but rather operates as a digital mercenary group. While the spyware installation suggests a campaign with political ends, the report published by ESET also does not indicate an association with previous scams carried out by the gang, which since 2016 has mainly focused on countries in the Middle East and South Asia.

On the other hand, the sophisticated development of the spy tool attracts attention, as does the use of codes that trigger targeted attacks. This also hints at bold phishing scams, as the scammers appear to rely on victims’ trust to trick them into downloading the malicious app.

Basic measures, however, can prevent such compromises. The apps used by Bahamut, for example, were not available on the Google Play Store; downloading only through certified channels is the best security advice for Android users. Ideally, avoid clicking on links sent by messages or social networks, preferring official websites and legitimate means for installation.

Source: ESET


Source: Terra
