Malware found disguised as Android security, VPN apps


According to cybersecurity company Cyfirma, hacking group DoNot, also known as APT-C-35 and SectorE02, is behind several Android apps that are believed to have malware characteristics.

The group is believed to have been targeting South Asian victims since 2016 and has recently been linked to cyberattacks in the Kashmir region.

According to Cyfirma, the two-stage attack first collects information via a stager payload and then goes on to use malware to compromise targets linked to Pakistan.

Android malware apps

Fronting the attacks are the nSure Chat app, which promises end-to-end encrypted messaging; Device Basics Plus, which looks to present device and hardware statistics in a simple dashboard; and iKHfaa VPN, all developed by SecurITY Industry.

nSure Chat and iKHfaa VPN both appear to have malicious characteristics, with the VPN app having copied code from a legitimate VPN service provider and injected additional libraries to silently perform malicious activity.

Permissions to access phone contacts and system location are the most concerning, with live location tracking enabled should the user accept.

In its report, Cyfirma suggests that the group may be linked to India, citing numerous sources including other security communities, and could even be backed by the government. Military, telecom, government, NGO, and embassy bodies all look to be the subjects of spear phishing, spear messaging, and social engineering attacks, which primarily revolve around the Android mobile operating system, but also Windows.

A Google spokesperson confirmed in an email to TechRadar Pro:

"These apps have been removed from Google Play and the developer has been banned. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources."

Craig Hale
