New Android Spyware Variants Linked to Middle Eastern APT

Published: 23/11/2024   Category: security




The new variants, improved for stealth and persistence, share code with other malware samples attributed to the C-23 APT.



New variants of Android spyware linked to a Middle Eastern advanced persistent threat (APT) group have been designed to be stealthier and more persistent, Sophos researchers reported today.
This malware appears as an update app with a generic icon and name (for example, App Updates), and researchers believe it's distributed as a download link in a text message sent to the victim's phone. When a victim runs the app, it requests permission to control different parts of the phone. The attackers use social engineering to convince victims this control is necessary.
If the victim grants permissions, the spyware disguises itself under the name and icon of a legitimate app, making it harder for the user to find and remove it. The new variants have more and varied disguises than earlier versions and hide behind the icons of popular apps like Google, Chrome, Google Play, and YouTube. If the user clicks the fake icon, the spyware launches a legitimate version of the app while conducting surveillance in the background.
The malicious features are the same as in earlier iterations: gathering text from SMS and other apps, contacts, call logs, documents, and images; recording ambient audio along with incoming and outgoing calls; taking pictures and screenshots; recording the device's screen; reading notifications from social media and messaging apps; and canceling security app notifications.
The Android spyware linked to APT C-23 has been around for at least four years, and attackers continue to develop it with new techniques that evade detection and removal, wrote threat researcher Pankaj Kohli in a release. The attackers also use social engineering to lure victims into granting the permissions needed to see into every corner of their digital life.
The C-23 APT has been active in the Middle East since 2017, and the newly detected variants share code with other malware samples attributed to the group. Researchers also found Arabic language strings in the code and report some of the text could be presented in English or Arabic, depending on the language setting of a victim's device.
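For defenders, the disguise behaviour and the capability list described above can be turned into a simple inventory check. The following is an added example, not code from Sophos or from the article: the inventory record layout, the `com.example.*` package names and the sample data are constructed assumptions, while the legitimate package names and permission strings are the real Android ones.

```python
# Added example: triage an app inventory (e.g. exported from an MDM) for the
# disguise pattern the article describes. Record fields are an assumed layout.
PLAY_STORE = "com.android.vending"

# Real package names of the apps the article says the spyware imitates.
KNOWN_APPS = {
    "google": "com.google.android.googlequicksearchbox",
    "chrome": "com.android.chrome",
    "google play": PLAY_STORE,
    "google play store": PLAY_STORE,
    "youtube": "com.google.android.youtube",
}

# Permissions that map to the capabilities listed in the article.
SURVEILLANCE_PERMS = {
    "android.permission.READ_SMS", "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG", "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA", "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.BIND_NOTIFICATION_LISTENER_SERVICE",
}

def triage(inventory):
    """Return {package: [reasons]} for apps that match the disguise pattern."""
    findings = {}
    for app in inventory:
        label = app["label"].strip().lower()
        reasons = []
        expected = KNOWN_APPS.get(label)
        if expected and app["package"] != expected:
            reasons.append(f"label '{app['label']}' belongs to {expected}")
        # Heuristic: preinstalled system updaters need an allow-list in practice.
        if "update" in label and app.get("installer") != PLAY_STORE:
            reasons.append("generic updater name, not installed from Play Store")
        if reasons:
            held = SURVEILLANCE_PERMS & set(app.get("permissions", []))
            if held:
                reasons.append(f"holds {len(held)} surveillance-related permissions")
            findings[app["package"]] = reasons
    return findings

# Constructed sample inventory (not real indicators).
SAMPLE = [
    {"label": "Chrome", "package": "com.android.chrome", "installer": PLAY_STORE,
     "permissions": ["android.permission.CAMERA"]},
    {"label": "Chrome", "package": "com.example.updater.a", "installer": None,
     "permissions": ["android.permission.READ_SMS", "android.permission.RECORD_AUDIO"]},
    {"label": "App Updates", "package": "com.example.updater.b", "installer": None,
     "permissions": ["android.permission.READ_CONTACTS"]},
]

if __name__ == "__main__":
    for pkg, why in triage(SAMPLE).items():
        print(pkg, "->", "; ".join(why))
```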