Followers of a small and relatively new religion growing in Iran and parts of the Middle East are targeted by spyware delivered via a malicious VPN (opens in a new tab) service, according to new findings from Kaspersky.
In its report, the company claims that followers of the Bahá’í Faith are targeted by SandStrike spyware, which is delivered to their endpoints via a malicious, unnamed VPN service.
Whoever is behind the attack has set up several Facebook pages and groups, an Instagram account, and a Telegram channel that allegedly promote the teachings of the Baha’i Faith in order to lure as many believers (and other curious people) as possible to join. However, the accounts are being used to promote the VPN service under the pretense that it can be used to bypass religious censorship in certain regions.
The download links are distributed via Telegram, whose groups have more than 1,000 followers, says Kaspersky.
Researchers have found that the advertised VPN app is functional and works as intended. They also said it even has its own VPN infrastructure, but client installation also installs SandStrike spyware that extracts sensitive or personally identifiable information (opens in a new tab)to the attackers.
The data SandStrike collects includes call logs and contact lists, but it will also monitor the device in its entirety to better track the victim’s behavior.
Android spyware is a common threat, but attackers usually hunt for payment details, cryptocurrency wallets, and the like. In fact, an updated version of Banker spyware for Android was detected in late September 2022. This spyware steals the victim’s banking details and in some cases even money.
According to Microsoft cybersecurity researchers, an unknown actor has initiated a smishing campaign (SMS phishing) by which he is trying to trick people into downloading TrojanSpy:AndroidOS/Banker.O. It is a variant of the malware that is capable of extracting all kinds of sensitive information including Two-Factor Authentication (2FA) codes, account credentials and other personal information (PII).
By: Beeping Computer (opens in a new tab)