New Variants Of Android Spyware Are Targeting Middle East Users
Sophos recommends that Android users never install apps from untrusted sources and never ignore available OS and app updates.
British security software and hardware company Sophos has recently revealed that new variants of Android spyware used by the C-23 group are actively targeting users in the Middle East.
C-23, also known as GnatSpy, FrozenCell, or VAMP, is what cybersecurity professionals refer to as an advanced persistent threat (APT) adversary. Such adversaries are typically well-funded and well-organized, which allows them to quickly evolve their tactics to overcome even the most sophisticated cybersecurity defenses.
The C-23 adversary has been known for targeting individuals in the Middle East since at least 2017, with a particular focus on the Palestinian territories.
The latest variants of its Android spyware are most likely distributed via a download link sent to victims in text messages. The link leads to a malicious app that pretends to install legitimate updates on the victim’s mobile device. When the app is launched for the first time, it requests a number of permissions that let it spy on the victim. It then disguises itself to make removal more difficult.
“The new variants use more, and more varied, disguises than previous versions, hiding behind popular app icons such as Chrome, Google, Google Play, YouTube, or the BOTIM voice-over-IP service,” explains Sophos. “If targets click a fraudulent icon, the spyware launches the legitimate version of the app, while maintaining surveillance in the background.”
The information the new spyware can steal includes everything from text messages to the names of installed apps to contacts from all kinds of apps, including Facebook and WhatsApp. The spyware can even dismiss notifications and toggle “Do Not Disturb” settings.
Sophos recommends that Android users never install apps from untrusted sources and never ignore available OS and app updates. The company’s own mobile antivirus app, called Sophos Intercept X for Mobile, can detect the new spyware as well as all kinds of other malicious software.