A threat actor known for targeting users in the Middle East has once again evolved its Android spyware, enhancing its capabilities to make it stealthier and more persistent while disguising it as seemingly innocuous app updates.
Reports indicate that a new variant of the spyware has added features to its malicious applications that make them more resilient both to users who try to remove them manually and to security and web hosting companies that try to block access to, or shut down, its command-and-control server domains.
The mobile spyware, also known as VAMP, FrozenCell, GnatSpy, and Desert Scorpion, has been the tool of choice of the APT-C-23 threat group since at least 2017, with successive iterations expanding its surveillance capabilities: collecting files, images, contacts, and call logs; reading notifications from messaging apps; recording calls (including WhatsApp calls); and dismissing notifications from the built-in Android security app.
In the past, the malware has been distributed through fake Android app stores under names such as AndroidUpdate, Threema, and Telegram. The latest campaign is no exception: the malicious apps claim to install updates on the target's phone, using names like App Update, System App Update, and Android Update Smart. Attackers are understood to deliver the spyware by sending download links to targets in phishing messages.
Spyware is a growing threat. The Android spyware attributed to APT-C-23 has been around for at least four years, and its operators continue to develop it with new techniques to evade detection and removal.
Original article, author: lyon. If reprinted, please indicate the source: https://cncso.com/en/apt-c-23-hacking-group-uses-new-android-spying-software-to-attack-middle-east-users.html