Rogue Android apps listed on the Google Play Store are targeting their users, an investigation shows.
Two rogue Android apps, nSure Chat and iKHfaa VPN, hosted on the Google Play Store and used to extract user data, were identified by CYFIRMA, a cybersecurity firm.
According to the researchers' findings, a developer named “SecurITY Industry” is associated with the “DoNot” hacker group. This threat group has deliberately targeted people in Pakistan and South East Asia.
According to CYFIRMA, “technical analysis indicates that the motive behind the attack is to gather information via the stager payload and use the gathered information for the second-stage attack, using malware with more destructive features.”
The apps’ access to users’ contact lists and locations lets threat actors plan future attacks and use Android malware with advanced features to target and exploit victims.
According to the researchers, the threat actor used a spear messaging attack on platforms like WhatsApp and Telegram, with the intention of tricking victims into installing an app from the Google Play Store.
In the past, the threat actor employed macro-laden malicious Word documents in spear phishing attacks. These attacks, which distributed Android malware disguised as chat apps, specifically targeted several regions in South Asia.