APT-C-23 Using New Android Spyware in the Middle East

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
8,426
APT-C-23, aka “Two-Tailed Scorpion” or “Desert Falcon,” is using a new Android spyware variant in its Middle East-focusing operations. According to an analysis by the cyber-intelligence firm Cyble, it is a very potent threat. The malicious APK that is distributed through a fake app store uses the name ‘Google Play Installer,’ while its icon mimics that of Telegram. However, it’s nothing of the sort, as it just grabs multiple permissions and then dives deep into the stored data or comes and goes from the infected device.

The spyware requests contacts, call logs, and SMS permissions, the granting of admin rights, access to notifications, permission to install third-party applications, and more. Telegram is somewhat simulated for the trick to work, at least its user interface is, leading victims to believe they are about to use the e2ee messenger app. This is needed for convincing the victim to grant all the aforementioned permission and access requests, giving the spyware full power on the device.

The particular spyware is used for specific targeting of users in the Middle East, but it could easily find deployment elsewhere in the future. In this case, we see a dual-masquerading approach that doesn’t make much sense, as Google Play Installer and Telegram don’t match together in any logical context. However, it appears the trick works well in convincing the victims not only to install the APK themselves but also to grant access to over 18 risky permissions.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top