They focus on Persian-speaking practitioners of the Baháʼí Faith, a religion developed in Iran and parts of the Middle East.
The attackers are promoting the malicious VPN app as a simple way to circumvent censorship of religious materials in certain regions.
To spread it, they use social media accounts to redirect potential victims to a Telegram channel that would provide them with links to download and install the booby-trapped VPN.
Source: New SandStrike spyware infects Android devices via malicious VPN app, via New SandStrike spyware targets Android users with booby-trapped VPN application
In this channel, the actor behind SandStrike distributed a seemingly harmless VPN application to access sites banned in certain regions, for example, religious-related materials. To make this application fully functional, adversaries also set up their own VPN infrastructure.
However, the VPN client contains fully-functioning spyware with capabilities allowing threat actors to collect and steal sensitive data, including call logs, contact lists, and also track any further activities of persecuted individuals.
No app listed.