Malicious VPN application vector of the SandStrike spyware

November 15, 2022

The newly discovered SandStrike spyware uses a compromised VPN app to infect Android users in a new cybercriminal campaign. An investigation revealed that the spyware operators focus their attacks against a religion created in Iran and its branches in the Middle East.

The threat actors are propagating their malware through a malicious VPN application offered as a way around the censorship of religious materials in selected regions. Moreover, the adversaries use social media accounts such as Telegram channels to extend the spyware's reach further.

These other vectors are crucial to the group’s campaign since they provide links to download and install the compromised VPN.

SandStrike spyware actors use Facebook and Instagram accounts to bait their victims.

According to researchers, the SandStrike spyware operators set up Facebook and Instagram accounts with 1,000 followers to lure victims into downloading the implant. The social media accounts controlled by the hackers are filled with religious-themed materials, making them an effective trap for followers of the faith.

Furthermore, experts warned users to be wary of the app: it provides working VPN functionality, but it also installs the SandStrike spyware.

The spyware can steal various types of data, such as contact lists and call logs, and can monitor compromised devices, allowing its operators to keep tabs on victims' activity.

Security researchers who identified the spyware are yet to attribute its creation to any specific hacking group. A researcher highlighted several newly developed attacks and campaigns in the Middle East.

The most recent one is an IIS backdoor called FramedGold, which its operators deploy by attacking unpatched Exchange servers affected by the ProxyLogon security vulnerabilities. The malware has been utilised to attack multiple organisations.

Another newly found malware platform came to light when a company published an analysis of it. The company noted that the malware is called Metatron, and that the threat actors use it to target internet service providers, telecommunication companies, and educational institutions in the Middle East and Africa.

Experts claimed that the increase of newly developed malware in this region indicates that the threat actors focus on targeting high-profile Middle Eastern companies.
