In-article:

Contacts, SMS, calls, Signal and Telegram communications… these fake Android VPN apps steal everything!


Alexander Schmid

November 23, 2022 at 1:05 p.m.

2

VPN and film © Shutterstock

© Shutterstock

Android apps pretending to be vpn legitimate sites harbor spyware capable of stealing a great deal of personal data, including text messages and messages exchanged by instant messaging applications.

Researchers from the cybersecurity company ESET have identified a malicious data theft campaign raging on Android. This is based on the distribution of fake VPN apps.

Spyware hidden in a legitimate hijacked app

The Bahamut pirate group, well known to experts, is believed to be behind this campaign. A website called “TheSecureVPN”, which has nothing to do with the legitimate SecureVPN platform, is allegedly used to scam users by offering VPN apps for Android to download.

At least eight versions of these apps have been discovered by ESET. These are always applications based on SoftVPN or OpenVPN, legitimate apps, to which is added malicious code activating spyware already used by Bahamut in the past.

It appears that early versions are based on SoftVPN, but hackers later switched to OpenVPN, as the former ceased to function and be maintained.

Access to critical messages and data

It seems that the victims of this spyware are selected specifically by the hackers, because once installed, the application hosting the spyware asks for an activation key, which unlocks both the VPN functionality and the spying functionality of the spyware. ‘user.

The main aim of the spyware is to extract sensitive data such as contacts, SMS messages, call logs, device location, recorded phone calls, list of installed apps, phone information, etc. the device used as well as the registered accounts.

It is also capable of exfiltrating chat messages exchanged through popular messaging apps including Signal, Viber, WhatsApp, Telegram and Facebook Messenger. Like other malware before it, it exploits vulnerabilities in Android’s accessibility services to act as a keylogger.

Source : WeLiveSecurity



Source link -99