Security News > 2022 > November > Bahamut Cyber Espionage Hackers Targeting Android Users with Fake VPN Apps
The cyber espionage group known as Bahamut has been attributed as behind a highly targeted campaign that infects users of Android devices with malicious apps designed to extract sensitive information.
The activity, which has been active since January 2022, entails distributing rogue VPN apps through a fake SecureVPN website set up for this purpose, Slovak cybersecurity firm ESET said in a new report shared with The Hacker News.
At least eight different variants of the spyware apps have been discovered to date, with them being trojanized versions of legitimate VPN apps like SoftVPN and OpenVPN. The tampered apps and their updates are pushed to users through the fraudulent website.
Bahamut was unmasked in 2017 by Bellingcat as a hack-for-hire operation targeting government officials, human rights groups, and other high-profile entities in South Asia and the Middle East with malicious Android and iOS apps to spy on its victims.
The latest wave follows a similar trajectory, tricking users into installing seemingly innocuous VPN apps that can exfiltrate a wide swathe of information, including files, contact lists, SMSes, phone call recordings, locations, and messages from WhatsApp, Facebook Messenger, Signal, Viber, Telegram, and WeChat.
"The mobile campaign operated by the Bahamut APT group is still active; it uses the same method of distributing its Android spyware apps via websites that impersonate or masquerade as legitimate services, as has been seen in the past," Štefanko added.
News URL
https://thehackernews.com/2022/11/bahamut-cyber-espionage-hackers.html
Related news
- Hackers Weaponize Visual Studio Code Remote Tunnels for Cyber Espionage (source)
- Reminder: China-backed crews compromised 'multiple' US telcos in 'significant cyber espionage campaign' (source)
- FBI confirms China-linked cyber espionage involving breached telecom providers (source)
- Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)
- Chinese Hackers Exploit T-Mobile and Other U.S. Telecoms in Broader Espionage Campaign (source)
- Hackers exploit critical bug in Array Networks SSL VPN products (source)
- Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks (source)