Delete these fake, trojan-laden VPN apps from your Android phones now


Despite Google’s best efforts to counter the spread of malicious apps via the Google Play Store, there have been multiple cases wherein spiked applications with millions of downloads have been found on the company’s official app store. In the latest development, fake and trojan-laden versions of VPN apps have been spotted. However, this time they are being distributed via a separate website.
As per a blog by the ESET cybersecurity research firm, the team has identified an active campaign targeting Android users. The campaign is reportedly conducted by the Bahamut APT group and has been active since January 2022.
How is malware distributed?
In this campaign, the “cybermercenary group” is distributing malicious apps through a fake SecureVPN website that provides only Android apps to download. The malware-laden apps distributed through the website are said to use the same names, SoftVPN and OpenVPN, as the legitimate apps.
The fake versions of these apps are repackaged with Bahamut spyware code that the group has used in the past to attack people. ESET says they identified at least eight versions of these maliciously patched apps.
The main purpose of these apps is to extract sensitive user data and spy on victims’ messaging apps, the firm claims. These apps exfiltrate contacts, SMS messages, recorded phone calls and even chat messages from apps such as Signal, Viber, and Telegram.

“We believe that targets are carefully chosen, since once the Bahamut spyware is launched, it requests an activation key before the VPN and spyware functionality can be enabled. Both the activation key and website link are likely sent to targeted users,” it said in a blog post.
How the Bahamut APT group works
As per ESET, the Bahamut APT group targets entities and individuals in the Middle East and South Asia. The group specialises in cyber espionage and is “also referred to as a mercenary group offering hack-for-hire services to a wide range of clients.” The mobile campaign by the group is reportedly still active.

