"Beware of Dangerous Spyware Masquerading as VPN Apps"

According to new research from ESET, the Advanced Persistent Threat (APT) group Bahamut has been using Virtual Private Network (VPN) apps as a new carrier for dangerous malware targeting Android phones. Threat actors could hire the Bahamut APT group to launch spear phishing attacks. The group has been active for some time, targeting people in the Middle East and South Asia. ESET researchers discovered at least eight versions of Bahamut spyware in trojanized versions of the popular Android apps SoftVPN and OpenVPN. To trojanize these apps, the group allegedly repurposed older spyware code.

Since 2017, the Bahamut APT has made headlines for various cyber espionage attacks. This one involving VPN apps is a fairly standard spyware attack designed to compromise the victim's device and gain access to SMS, call logs, location, and call recordings. Using its keylogging capability, the spyware can spy on messaging apps such as WhatsApp and extract other data such as banking information.

All infected apps were distributed using a spoofed version of the SecureVPN website, and they were never available for download on the Play Store. These VPN apps appeared to target specific people, who were directed to a website with a special activation key. This key prevents the malicious payload from executing on devices that do not belong to the specific victim. Another red flag for potential victims is that the genuine version of the VPN does not require an activation key or a visit to the website. This article continues to discuss spyware disguised as VPN apps.

Android Police reports "Beware of Dangerous Spyware Masquerading as VPN Apps"

Submitted by Anonymous on