Security News > 2022 > November > Experts Warn of SandStrike Android Spyware Infecting Devices via Malicious VPN App
A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application.
Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike.
While the app is ostensibly designed to provide victims with a VPN connection to bypass the ban, it's also configured to covertly siphon data from the victims' devices, such as call logs, contacts, and even connect to a remote server to fetch additional commands.
The booby-trapped VPN service, while fully functional, is said to be distributed via a Telegram channel controlled by the adversary.
Links to the channel are also advertised on fabricated social media accounts set up on Facebook and Instagram for the purpose of luring potential victims into downloading the app.
"In their attacks, they use cunning and unexpected methods. Today it is easy to distribute malware via social networks and remain undetected for several months or even more."
News URL
https://thehackernews.com/2022/11/experts-warn-of-sandstrike-android.html
Related news
- New Android spyware found on phone seized by Russian FSB (source)
- New EagleMsgSpy Android spyware used by Chinese police, researchers say (source)
- Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States (source)
- Russian cyberspies target Android users with new spyware (source)
- Russian cyberspies target Android users with new spyware (source)
- New Android NoviSpy spyware linked to Qualcomm zero-day bugs (source)