This malicious VPN targets Android devices with spyware
Followers of a small religion are being targeted
Followers of a small and relatively new religion developing in Iran and parts of the Middle East are being targeted by spyware delivered via a malicious VPN service, according to new findings from Kaspersky.
In its report, the company says practitioners of the Baháʼí Faith are being targeted with SandStrike spyware, which is being delivered to their endpoints via a malicious, unnamed VPN service.
Whoever is behind the attack has set up several Facebook pages and groups, Instagram accounts, and a Telegram channel that claim to promote the teachings of the Baháʼí Faith, to lure as many believers (and other curious people) as possible into joining. However, the accounts are used to promote the VPN service, under the pretense that it can be used to bypass censorship of religious materials in certain regions.
Legitimate VPN
The download links are distributed via Telegram, where its groups have more than 1,000 followers, Kaspersky says.
The VPN app being advertised is functional and works as intended, the researchers found. They also said it even has its own VPN infrastructure, but installing the client also installs the SandStrike spyware, which exfiltrates sensitive or personally identifiable information to the attackers.
The data SandStrike collects includes call logs and contact lists, but it will also monitor the device in its entirety, to better keep track of the victim’s behavior.
Android spyware is a common threat, but the attackers are usually hunting for payment data, cryptocurrency wallets, and similar. In fact, an updated version of the Banker Android spyware was detected in late September 2022. This spyware steals the victim’s banking details and possibly even money in some cases.
According to cybersecurity researchers from Microsoft, an unknown threat actor has initiated a smishing campaign (SMS phishing), through which it tries to trick people into downloading TrojanSpy:AndroidOS/Banker.O. This is a malware variant that’s capable of extracting all sorts of sensitive information, including two-factor authentication (2FA) codes, account login details, and other personally identifiable information (PII).
Via: BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.