Security News > 2022 > November > New SandStrike spyware infects Android devices via malicious VPN app
Threat actors are using newly discovered spyware known as SandStrike and delivered via a malicious VPN application to target Android users.
The attackers are promoting the malicious VPN app as a simple way to circumvent censorship of religious materials in certain regions.
To spread it, they use social media accounts to redirect potential victims to a Telegram channel that would provide them with links to download and install the booby-trapped VPN. "To lure victims into downloading spyware implants, the SandStrike adversaries set up Facebook and Instagram accounts with more than 1,000 followers and designed attractive religious-themed materials, setting up an effective trap for adherents of this belief," Kaspersky said.
While the app is fully functional and even uses its own VPN infrastructure, the VPN client also installs the SandStrike spyware, which scours their devices for sensitive data and exfiltrates it to its operators' servers.
On Tuesday, Kaspersky also published its APT trends report for Q3 2022, highlighting more interesting discoveries linked to malicious activity in the Middle East.
The company highlights a new IIS backdoor known as FramedGolf deployed in attacks targeting Exchange servers not patched against ProxyLogon-type security flaws.