Endpoint/Device Security, Malware, Data Security, Vulnerability Management

Android devices targeted by novel SandStrike spyware

Android devices are being compromised with the new SandStrike spyware, which is distributed through a malicious VPN app, BleepingComputer reports. Threat actors are using social media accounts to target Persian-speaking practitioners of the Bahá'í Faith, a report from Kaspersky revealed. "To lure victims into downloading spyware implants, the SandStrike adversaries set up Facebook and Instagram accounts with more than 1,000 followers and designed attractive religious-themed materials, setting up an effective trap for adherents of this belief. Most of these social media accounts contain a link to a Telegram channel also created by the attacker," said Kaspersky. Aside from exfiltrating call logs and contact lists, SandStrike could also monitor Android device activity, the report added.

While SandStrike has yet to be attributed to a specific threat actor, another Kaspersky report showed that Exchange servers in the Middle East affected by the ProxyLogon vulnerabilities are being targeted with the novel FramedGolf backdoor. "The malware has been used to compromise at least a dozen organizations, starting in April 2021 at the latest, with most still compromised in late June 2022," Kaspersky added.
