Google Play Used to Spread Patchwork APT's Espionage Apps

Published: 23/11/2024   Category: security




The Indian state-sponsored cyberattackers lurked in Google's official app store, distributing a new RAT and spying on Pakistanis.



The Indian APT group Patchwork, known for its targeted spear-phishing cyberattacks against Pakistanis, has been caught abusing Google Play to distribute six different Android espionage applications posing as legitimate messaging and news services. In reality, they come loaded with a newly discovered remote access Trojan (RAT) called VajraSpy.
Researchers from ESET who uncovered the campaign found that the VajraSpy RAT intercepts calls, SMS messages, files, contacts, and more, according to the security firm's Patchwork report this week. The apps can also extract WhatsApp and Signal messages, record phone calls, and take camera pictures. In total, the researchers found the RAT-tainted applications were downloaded from the Google Play store more than 1,400 times.
In addition to the six Google Play apps being used to deliver VajraSpy, the ESET team found an additional six being distributed in third-party/unofficial app stores. The phony apps go by names that include Privee Talk, MeetMe, Let's Chat, Quick Chat, Rafaqat, and Faraqat.
Based on several indicators, the campaign targeted mostly Pakistani users: Rafaqat رفاقت, one of the malicious apps, used the name of a popular Pakistani cricket player as the developer name on Google Play; the apps that requested a phone number upon account creation have the Pakistan country code selected by default; and many of the compromised devices discovered through the security flaw were located in Pakistan, according to the report.
To lure victims into downloading the apps, the cybercriminals used the promise of love in targeted attacks, the report found.
To entice their victims, the threat actors likely used targeted honey-trap romance scams, initially contacting the victims on another platform and then convincing them to switch to a trojanized chat application, ESET's report added.
ESET reported the apps to Google and they have been removed from the Play store.
