A beforehand undocumented Android spy ware marketing campaign has been discovered putting Persian-speaking people by masquerading as a seemingly innocent VPN software.
Russian cybersecurity agency Kaspersky is monitoring the marketing campaign beneath the moniker SandStrike. It has not been attributed to any explicit menace group.
“SandStrike is distributed as a way to entry sources concerning the Bahá’í faith which can be banned in Iran,” the corporate famous in its APT tendencies report for the third quarter of 2022.
Whereas the app is ostensibly designed to supply victims with a VPN connection to bypass the ban, it is also configured to covertly siphon information from the victims’ units, corresponding to name logs, contacts, and even connect with a distant server to fetch extra instructions.
The booby-trapped VPN service, whereas totally purposeful, is alleged to be distributed through a Telegram channel managed by the adversary.
Hyperlinks to the channel are additionally marketed on fabricated social media accounts arrange on Fb and Instagram for the aim of luring potential victims into downloading the app.
In keeping with an Amnesty Worldwide report printed in August 2022, Iran’s Ministry of Intelligence has arrested not less than 30 members of the group in numerous components of the nation since July 31, 2022.
The spiritual minority has been persecuted by Iranian authorities, accusing it of being spies with hyperlinks to Israel, resulting in “raids, arbitrary arrests, house demolitions and land grabs.”
“APT actors at the moment are strenuously used to create assault instruments and enhance previous ones to launch new malicious campaigns,” Kaspersky safety researcher Victor Chebyshev stated.
“Of their assaults, they use crafty and surprising strategies. As we speak it’s straightforward to distribute malware through social networks and stay undetected for a number of months or much more.”
