Android spyware camouflaged as VPN, chat apps on Google Play
Security News, June 2023

Three Android apps on Google Play were used by state-sponsored threat actors to collect intelligence from targeted devices, such as location data and contact lists.
The malicious Android apps were discovered by Cyfirma, who attributed the operation with medium confidence to the Indian hacking group "DoNot," also tracked as APT-C-35, which has targeted high-profile organizations in Southeast Asia since at least 2018.
In 2021, an Amnesty International report linked the threat group to an Indian cybersecurity firm and highlighted a spyware distribution campaign that also relied on a fake chat app.
Both apps, along with a third from the same publisher that does not appear malicious according to Cyfirma, remain available on Google Play.
Cyfirma's analysts have found that the code base of the hackers' VPN app was taken directly from the legitimate Liberty VPN product.
Direct messages on these apps send victims to the Google Play store, a trusted platform that lends legitimacy to the attack, so they can be easily tricked into downloading the suggested apps.