SideWinder Hackers Use Fake Android VPN Apps to Target Pakistani Entities
The threat actor known as SideWinder has added a new custom tool to its arsenal of malware that's being used in phishing attacks against Pakistani public and private sector entities.
The custom tool identified by Group-IB, dubbed SideWinder. Script, acts as a traffic direction system diverting Pakistani users clicking on the phishing links to rogue domains.
Of special mention is a phishing link that downloads a VPN application called Secure VPN from the official Google Play store in an attempt to impersonate the legitimate Secure VPN app.
While the exact purpose of the fake VPN app remains unclear, this is not the first time SideWinder has sneaked past Google Play Store protections to publish rogue apps under the pretext of utility software.
In January 2020, Trend Micro detailed three malicious apps, disguised as photography and file manager tools, that leveraged a security flaw in Android to gain root privileges and abused accessibility service permissions to harvest sensitive information.
News URL
https://thehackernews.com/2022/06/sidewinder-hackers-use-fake-android-vpn.html