Experts Warn of SandStrike Android Spyware Infecting Devices via Malicious VPN App

A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application.

Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike. It has not been attributed to any particular threat group.

“SandStrike is distributed as a means to access resources about the Bahá’í religion that are banned in Iran,” the company noted in its APT trends report for the third quarter of 2022.

While the app is ostensibly designed to provide victims with a VPN connection to bypass the ban, it is also configured to covertly siphon data such as call logs and contacts from the victims’ devices, and even to connect to a remote server to fetch additional commands.

The booby-trapped VPN service, while fully functional, is said to be distributed via a Telegram channel controlled by the adversary.

Links to the channel are also advertised on fabricated social media accounts set up on Facebook and Instagram for the purpose of luring potential victims into downloading the app.

According to an Amnesty International report published in August 2022, Iran’s Ministry of Intelligence has arrested at least 30 members of the Bahá’í community in various parts of the country since July 31, 2022.

The religious minority has been subjected to heightened persecution by Iranian authorities, who accuse its members of being spies with links to Israel, leading to “raids, arbitrary arrests, home demolitions and land grabs.”

“APT actors are now strenuously used to create attack tools and improve old ones to launch new malicious campaigns,” Kaspersky security researcher Victor Chebyshev said.

“In their attacks, they use cunning and unexpected methods. Today it is easy to distribute malware via social networks and remain undetected for several months or even more.”
