

"In a recent observation, we found the threat actor is using Android payload against individuals in the Pakistan region, however, it is still unknown what drives them to conduct cyber strikes in the South Asian region," reads the report by CYFIRMA. "Further technical analysis revealed that the app has malware characteristics and belongs to the notorious Advanced Persistent Threat Group 'DoNot', which recently targeted individuals in the Kashmir region." The information includes location data as well as contact lists from the affected users.

According to a report from Singapore-based cybersecurity company Cyfirma, the infected apps have been traced back to a dangerous hacking group known as "DoNot." This group, believed to be state-sponsored, has been carrying out targeted attacks on prominent organizations in Southeast Asia since 2018.

Furthermore, it has been discovered that these apps are being used by state-sponsored hackers as a means to gather intelligence from targeted devices. According to the researchers, these apps have been infected with spyware, designed to steal sensitive information from users' phones. The apps in question, namely nSure Chat and iKHfaa VPN, are listed under the developer name "SecurITY Industry". Researchers at CYFIRMA, a cybersecurity company, have issued a warning to Android users regarding apps that are currently available on Google Play.
