Almost 150 Android devices across India and Pakistan have been compromised by the suspected Indian state-sponsored threat operation Patchwork in a new attack campaign that mostly leverages messaging apps laced with the VajraSpy remote access trojan, The Hacker News reports.
Attackers were believed to have used romance scam lures to entice targets to download the malicious apps, including Chit Chat, Privee Talk, YohooTalk, and MeetMe, on Google Play and other app stores to facilitate infections with VajraSpy, which has espionage capabilities, according to a report from ESET.
"[VajraSpy] steals contacts, files, call logs, and SMS messages, but some of its implementations can even extract WhatsApp and Signal messages, record phone calls, and take pictures with the camera," said ESET researcher Lukas Stefanko.
The campaign comes after Cyfirma reported that India- and Pakistan-based threat actors had leveraged a fraudulent Android loan app to compromise Indian mobile users.
Google announced at the Google I/O 2024 conference that several new security and privacy enhancements are set to roll out for Android, including on-device live threat detection for identifying malicious apps, improved safeguards for screen sharing, and enhanced security against cell site simulators, TechCrunch reports.
The botnet malware tracked as Ebury has steadily expanded over the past decade, having compromised over 400,000 hosts since 2009, with about 100,000 still-infected systems identified by the end of 2023, according to SecurityWeek.
The Department of Defense will evaluate the cybersecurity of mobile devices used by analysts and servicemembers as mandated in the draft text of the 2025 National Defense Authorization Act, Nextgov/FCW reports.