Beware of these two Android apps: they transmit your personal information to hackers


Cybersecurity researchers have uncovered a malware deployment campaign through applications offered in the Google Play Store. This type of attack is becoming more and more frequent. Downloading from the Mountain View company’s online store is no longer a guarantee of security.


Cyfirma’s cybersecurity experts have discovered that a group of hackers named DoNot (aka APT-C-35) deployed at least two malicious apps for Android on the Play Store. The apps have very few downloads, which suggests that they target a very specific victim or set of victims. According to analysts, DoNot is a hacker group funded by the Indian state. Their modus operandi is identical to that of SpaceCobra, hackers who steal WhatsApp backups.


The DoNot hackers first appeared on researchers’ radars around 2018, when they targeted various organizations in Southeast Asia. In 2021, Amnesty International officially linked their activity to New Delhi. Officially, the hackers create applications for Android under the name Security Industry. Under that name they offer two malicious applications on the Play Store: an instant messaging app called nSure and a VPN called iKHfaa VPN.

Hackers use malicious Android apps to spy on their victims

Upon installation, “both of these apps ask for risky permissions, such as access to the user’s contact list and precise location data.” It would therefore seem that this malware has been specifically designed to collect information about its victims. In this sense, the apps are only the first phase of a larger-scale attack.


According to Cyfirma, the tactics employed by the DoNot APT group have been changing for some time. “They took it a step further by deploying malware on the Play Store from Google”, because the procedure for downloading an Android application from the online store is “meticulous and involves a thorough review of each authorization by the developers”.


