"Cyber-Threat Actor Uses Booby-Trapped VPN App to Deploy Android Spyware"

Adware and other unwanted, potentially dangerous applications continue to be the most serious threat that mobile device users face today. However, attackers are constantly attempting to deploy more sophisticated mobile malware. The most recent example is "SandStrike," a booby-trapped Virtual Private Network (VPN) app used to install spyware on Android devices. The malware searches for and steals call logs, contact lists, and other sensitive data from infected devices. According to security researchers, it can also track and monitor specific users. SandStrike operators were observed attempting to install sophisticated spyware on devices belonging to members of Iran's Baha'i community, a Persian-speaking minority group. It remains unclear how many devices the threat actor may have targeted or infected.

To entice users to download the weaponized app, the threat actors have set up multiple Facebook and Instagram accounts, each claiming to have over 1,000 followers. The social media accounts display religious-themed graphics intended to pique the interest of members of the targeted faith group. The accounts frequently include a link to a Telegram channel that provides a free VPN app for users who want to access sites that contain prohibited religious materials. To make the app fully functional, the threat actors have even set up their own VPN infrastructure.

When a user downloads and installs SandStrike, it quietly collects and exfiltrates sensitive data associated with the infected device's owner. The operation is the latest of many espionage operations involving advanced infrastructure and mobile spyware, an arena populated by well-known threats such as NSO Group's Pegasus spyware as well as emerging problems such as Hermit. This article continues to discuss the SandStrike espionage-aimed Android malware.

Dark Reading reports "Cyber-Threat Actor Uses Booby-Trapped VPN App to Deploy Android Spyware"
