Beware the cyber threat: Invasive Android spyware targets Android applications

Security researchers from ESET are drawing attention to the accelerating campaigns of fraudsters who infect Android applications. The immediate threat is the spy payload AridSpy, which currently targets popular programs in Palestine and Egypt.

Smartphone with Android
Images source: © Dobreprogramy | Oskar Ziomek

12:26 PM EDT, June 16, 2024

Although there is no direct threat to users in the U.S., we have often seen similar attacks develop rapidly. Typically, after succeeding in one market, these threats quickly adapt to target popular applications in other countries, increasing the pool of potential victims. As reported by ESET, the software reaches Android phones in several stages, all starting with an infected application.

Once downloaded and installed by the user, the application fetches the first payload, which can subsequently download another data package. Only then is the entire software chain ready, enabling the attacker to exchange data with the server and spy on the user who has fallen victim to the attack. ESET reports that five campaigns conducted in this manner have been identified so far and attributed to the Arid Viper group, also known as APT-C-23.

AridSpy software infection diagram © ESET

When effectively launched on the victim's smartphone, AridSpy can read a range of information, allowing detailed surveillance of the victim. It can access the device's location, contact list, call history, SMS messages, photos from memory, clipboard contents, and notifications. Additional capabilities come into play if the victim's device was previously rooted.

ESET points out that AridSpy reaches Android phones through various means, and the source of the problem is that applications are not always available on the official Google Play store. In the cases described abroad, the spy software has been distributed through a crafted Facebook page or alternative hosting, not linked to the official distribution of Android applications.

© essanews.com