The links to the APK were posted online via now suspended Twitter profiles such as @farouk_112 and @farouk_113, which were regularly posting radicalized propaganda materials.
According to Intel Security experts, who discovered these accounts, the people behind these profiles posted links to an Android APK (app), advertised as a radio player Al Rayyan Radio, a Qatar radio station, urging followers to install the app.
SandroRAT used to spy on possible ISIS recruits
Intel's security team says that this APK file contained an Android RAT called SandroRAT, which allowed a third-party control over the device.
To avoid raising any suspicions, the malicious APK also came with a fully functional radio player that delivered the promised goods, and some more. This "some more" was a hidden process that kept the RAT component running even if the user wasn't using the radio player.
Full Article. ISIS Sympathizers Spied On Using Trojanized Android App
According to Intel Security experts, who discovered these accounts, the people behind these profiles posted links to an Android APK (app), advertised as a radio player Al Rayyan Radio, a Qatar radio station, urging followers to install the app.
SandroRAT used to spy on possible ISIS recruits
Intel's security team says that this APK file contained an Android RAT called SandroRAT, which allowed a third-party control over the device.
To avoid raising any suspicions, the malicious APK also came with a fully functional radio player that delivered the promised goods, and some more. This "some more" was a hidden process that kept the RAT component running even if the user wasn't using the radio player.
Full Article. ISIS Sympathizers Spied On Using Trojanized Android App
