Malware found hiding disguised as Android security, VPN apps

Google Play Store
Image credit: Shutterstock (Image credit: Shutterstock)

According to cybersecurity company Cyfirma, hacking group DoNot, also known as APT-C-35 and SectorE02, is behind several Android apps that are believed to have malware characteristics.

The group is believed to have been targeting South Asian victims since 2016 and has recently been linked to cyberattacks in the Kashmir region.

According to Cyfirma, the two-stage attack first collects information via a stager payload and then goes on to use malware to compromise targets linked to Pakistan.

Android malware apps

Fronting the attacks are the nSure Chat app which promises end-to-end encrypted messaging, Device Basics Plus which looks to present device and hardware statistics in a simple dashboard, and iKHfaa VPN, all developed by SecurITY Industry.

nSure Chat and iKHfaa VPN both appear to have malicious characteristics, with the VPN app having copied code from a legitimate VPN service provider and injected additional libraries to silently perform malicious activity.

Permission to access phone contacts and system location are most concerning, with live location tracking enabled should the user accept.

In its report, Cyfirma suggests that the group may be linked to India, citing numerous sources including other security communities, and could even be backed by the government. Military, telecom, government, NGO, and embassy bodies all look to be the subjects of spear phishing, spear messaging, and social engineering attacks, which primarily revolve around the Android mobile operating system, but also Windows.

A Google spokesperson confirmed in an email to TechRadar Pro:

"These apps have been removed from Google Play and the developer has been banned. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources."

TOPICS
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!