Bitter APT has been leveraging a trojanized iteration of the Signal messaging app to deploy the Android spyware
Dracarys in cyberespionage campaigns against individuals in India, New Zealand, Pakistan, and the U.K., BleepingComputer
Victims of the cyberespionage operation have been sent the malicious app through a phishing page on the "signalpremium[.]com" domain, which spoofs the messaging app's download portal. Because Signal is open source, the Bitter APT hacking operation was able to build a version of the app that retains the expected functionality while bundling the Dracarys malware. The malware requests access to the contact list, SMS, camera, microphone, and location, and abuses the Accessibility Service to obtain additional permissions.
Dracarys not only gathers and transmits contact list information, SMS data, installed app lists, call logs, GPS positions, and files, but also enables screenshot capturing and audio recording, with all collected data sent to Bitter APT's command-and-control server. Individuals have been encouraged to download apps from legitimate app stores to prevent such spyware compromises.