The new virus that attacks Android cell phones: it is camouflaged in adult content and applications about Covid-19

The initiative of the hacker group Transparent Tribe seeks to expand its operations and infect popular mobile devices.

Kaspersky researchers released their findings on a new spyware app for Android disguised as adult content and as official applications about Covid-19.

The pandemic has become a popular lure for threat actors launching social engineering attacks. Transparent Tribe, a threat actor tracked by Kaspersky for more than four years, has begun adopting this technique in its campaigns.

During their investigation of Transparent Tribe, specialists found a new Android implant used by this group to spy on mobile devices, distributed in India as fake adult-content apps and fake COVID-19 tracking apps.

The connection between the group and these two applications was established through related domains that the actor used to host malicious files for different campaigns.

Once downloaded, both apps try to install another Android package file: a modified version of the AhMyth Android Remote Access Tool (RAT), open-source malware that can be downloaded from GitHub and that is built by adding a malicious payload inside other legitimate applications.

The modified version of the malware is different in functionality from the standard version. It includes new features that were added by attackers to improve data exfiltration, but it lacks some basic features, such as stealing photos from the camera.

The application is capable of downloading new applications to the phone, accessing SMS messages, microphone and call logs, tracking the location of the device, and listing and uploading files to an external server from the phone.
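As an added illustration for defenders (not code from Kaspersky or from the article), the sketch below triages a decoded AndroidManifest.xml by checking which of the capabilities listed above the app has asked permission for. The capability-to-permission mapping, the threshold and the sample manifests are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping: capabilities named in the article -> permissions an app
# would normally need for them (not taken from the Kaspersky report).
CAPABILITY_PERMISSIONS = {
    "install further apps": {P + "REQUEST_INSTALL_PACKAGES"},
    "read SMS": {P + "READ_SMS"},
    "record microphone": {P + "RECORD_AUDIO"},
    "read call logs": {P + "READ_CALL_LOG"},
    "track location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "list and upload files": {P + "READ_EXTERNAL_STORAGE",
                              P + "MANAGE_EXTERNAL_STORAGE"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def triage(manifest_xml, threshold=4):
    """Flag apps that combine network access with many spyware-style permissions."""
    perms = requested_permissions(manifest_xml)
    hits = sorted(c for c, need in CAPABILITY_PERMISSIONS.items() if perms & need)
    network = (P + "INTERNET") in perms  # uploading to a server needs network access
    return {"capabilities": hits, "network": network,
            "flag": network and len(hits) >= threshold}

def make_manifest(*names):
    """Build a constructed sample manifest declaring the given permissions."""
    body = "".join(f'<uses-permission android:name="{P}{n}"/>' for n in names)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android">'
            + body + "</manifest>")

# Constructed samples: a "tracking app" with a spyware-like permission set,
# and an app that only needs coarse location and network access.
SAMPLE_SUSPICIOUS = make_manifest("INTERNET", "READ_SMS", "RECORD_AUDIO", "READ_CALL_LOG",
                                  "ACCESS_FINE_LOCATION", "READ_EXTERNAL_STORAGE",
                                  "REQUEST_INSTALL_PACKAGES")
SAMPLE_BENIGN = make_manifest("INTERNET", "ACCESS_COARSE_LOCATION")

if __name__ == "__main__":
    for label, xml in (("suspicious", SAMPLE_SUSPICIOUS), ("benign", SAMPLE_BENIGN)):
        print(label, triage(xml))
```

A flag here is only a reason to look closer: permissions show what an app may do, not what it does, and a dropper can request little itself while the package it installs requests the rest.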

“The new findings underscore the efforts of Transparent Tribe members to add new tools that further expand their operations and reach their victims through different attack vectors, now including mobile devices.”

“We see that the agent is constantly working to improve and modify the tools it uses. To stay protected against these threats, users must be more careful than ever when evaluating the sources from which they download content and make sure that their devices are protected,” commented Giampaolo Dedola, senior security researcher at Kaspersky.


