The Android spyware is thought to be a variation of "Coverlm," which steals data from messaging apps...
Digital Desk: Hackers are using a fake Android chatting software called 'SafeChat' to steal data from targeted persons in South Asia, including India, via malware payload delivered directly through a WhatsApp conversation.
Cyber-security firm Cyfirma obtained advanced Android malware targeting users in the South Asia region. The suspicious Android malware is a fake messaging app on Android.
"Our initial technical analyses revealed that APT Bahamut is behind the attack. The nature of this attack, along with previous incidents involving APT Bahamut, possibly indicate that it was carried out to serve the interests of one nation-state government," the report noted.
Notably, APT Bahamut has targeted supporters of Khalistan in the past since they support the formation of a separate nation that would be an external threat to India.
Security professionals pointed out that "the threat actor has also targeted military installations in Pakistan and individuals in Kashmir, all aligning with the interests of one nation-state government."
A variant of "Coverlm," which steals data from messaging apps like Facebook Messenger, Telegram, Signal, WhatsApp, and Viber, is suspected to be spyware for Android.
This particular malware displays a similar operational mechanism to the malware that has already been found.
However, the new malware presents a high level of threat since it has more permissions.
A suspected software with the name "Safe Chat" displays on the main menu after installation. The user is informed they are using a secure messaging app on a landing page after opening the app.
The user is prompted to provide permission when they first launch the software after a fresh installation, and then the hackers' game begins.
Before the victim realizes that the app is fake, the user interface of this software successfully fools users into thinking it is authentic, giving the threat actor access to all of the necessary data.
According to the Cyfirma team, past and present targets strongly suggest that the APT group is operating inside of Indian territory.
Leave A Comment