New social engineering attacks by Indian advanced persistent threat group Bahamut have involved the fraudulent Android chat app SafeChat to facilitate a version of the CoverIm spyware aimed at exfiltrating mobile device data, according to BleepingComputer.
Attackers have leveraged spear-phishing messages on WhatsApp to lure targets into downloading SafeChat, which is being touted as a more secure communications platform. The fake app then exploits Accessibility Services to obtain access to the contacts list, call log, SMS, and external device storage, as well as to facilitate precise GPS location data retrieval and exclusion from the Android battery optimization subsystem, a report from Cyfirma revealed.
SafeChat has also been designed to monitor other installed chat apps on the compromised device, while a module with RSA, OAEPPadding, and ECB support, as well as a "letsencrypt" certificate, has been used to enable data encryption efforts.
Such an intrusion has been found to resemble the activities of Indian state-backed hacking operation DoNot APT, also known as APT C-35.