Kaspersky researchers have discovered a new Android spyware app that the notorious APT group “Transparent Tribe” distributed in India under the guise of official COVID-19 information applications.
The pandemic is still a current topic, and threat actors have turned it into a lure for their social engineering campaigns.
The “Transparent Tribe” group, a threat actor that Kaspersky has monitored for over four years, has also adopted this theme in its campaigns.
Recent findings show that the group is actively improving its toolkit and extending its reach to mobile devices.
During its previous investigation of “Transparent Tribe”, Kaspersky found a new Android implant that the threat actor uses to spy on mobile devices. It was distributed in India both as a pornographic application and as fake COVID-19 tracking applications.
The connection between the group and the two applications was made thanks to the relevant domains used by the organization to host malicious files for different campaigns.
The first application is a modified version of a simple open-source Android video player which, during installation, plays a pornographic video as a distraction.
The second application is called “Aarogya Setu” and imitates the COVID-19 contact-tracing application for mobile devices developed by the “National Information Technology Centre” of the Government of India.
Once installed, both applications attempt to install a further Android package: a modified version of the “AhMyth Android Remote Access Tool (RAT)”, an open-source tool available on “GitHub” that builds its payload by binding malicious code to an otherwise legitimate application.
The modified version differs in functionality from the standard one. It includes new features added by the attackers to improve data exfiltration, while some standard features, such as capturing images from the camera, are missing.
The application can download new applications to the phone, access SMS messages, the microphone and call logs, track the device's location, and list files on the phone and upload them to an external server.
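As a defender-side illustration of the capability profile described above, the following added example (not Kaspersky's code, nor anything from the campaign) checks a decoded AndroidManifest.xml for the combination of permissions a “video player” would need to read SMS, record audio, read call logs, track location and install further packages. The permission-to-capability mapping, the threshold and the sample manifest are my own assumptions; a real APK's binary manifest would first need decoding with a tool such as apktool or androguard.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capabilities reported for the implant, mapped to the Android permissions an
# app must request to exercise them (mapping is an assumption of this example).
PROFILE = {
    "install packages": {"android.permission.REQUEST_INSTALL_PACKAGES"},
    "read SMS": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "microphone": {"android.permission.RECORD_AUDIO"},
    "call logs": {"android.permission.READ_CALL_LOG"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "upload files": {"android.permission.READ_EXTERNAL_STORAGE"},
}


def requested_permissions(manifest_xml: str) -> set:
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}


def matched_capabilities(manifest_xml: str) -> list:
    """Capabilities from PROFILE that the manifest's permissions would enable."""
    perms = requested_permissions(manifest_xml)
    return sorted(cap for cap, needed in PROFILE.items() if perms & needed)


def looks_like_rat_profile(manifest_xml: str, threshold: int = 4) -> bool:
    """Flag a manifest whose permission set covers most of the implant's capabilities."""
    return len(matched_capabilities(manifest_xml)) >= threshold


# Constructed sample: a "video player" that asks for far more than playback needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.player">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
</manifest>"""

# Constructed sample: a player that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.simpleplayer">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    print(matched_capabilities(SAMPLE_MANIFEST), looks_like_rat_profile(SAMPLE_MANIFEST))
```

The check is a triage heuristic only: it surfaces apps whose declared permissions match the implant's reported behaviour, and does not by itself prove an app is malicious.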