Security News > 2022 > August > Facebook finds new Android malware used by APT hackers
Meta has released its Q2 2022 adversarial threat report, and among the highlights is the discovery of two cyber-espionage clusters connected to hacker groups known as 'Bitter APT' and APT36 using new Android malware.
These cyberspying operatives use social media platforms like Facebook to collect intelligence or to befriend victims using fake personas and then drag them to external platforms to download malware.
The Bitter APT was also observed in May 2022, targeting the government of Bangladesh with a new malware that featured remote file execution capabilities.
Meta's report explains that Bitter APT engaged in social engineering against targets in New Zealand, India, Pakistan, and the United Kingdom, using lengthy interactions and investing significant time and effort.
Bitter's recent attacks also revealed additions in the threat actor's arsenal in the form of two mobile apps, targeting iOS and Android users, respectively.
The Android app discovered by Facebook is a new malware that Meta named 'Dracarys,' which abuses accessibility services to give itself increased permissions without the user's consent.
News URL
Related news
- New FireScam Android malware poses as RuStore app to steal data (source)
- New FireScam Android data-theft malware poses as Telegram Premium app (source)
- FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices (source)
- Russia-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware (source)
- Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer (source)
- DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection (source)
- Hacker infects 18,000 "script kiddies" with fake malware builder (source)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials (source)