Protect your data: AridSpy campaign targets Android apps

Oskar Ziomek

16 June 2024 17:13

Security researchers from Eset are drawing attention to accelerating campaigns by fraudsters who infect Android applications. The threat is the AridSpy spyware payload, which currently targets popular programs abroad, in Palestine and Egypt.

Although there is currently no direct threat to users in the UK, similar attacks have often developed quickly. After "proving themselves" in one market, attackers are quick to target popular applications in other countries, increasing the pool of potential victims. As reported by Eset, the software reaches Android phones in several stages, starting with an infected application.

The infection pattern with AridSpy software © Eset

Once downloaded and installed by the user, the application fetches the first payload, which can then download another data package. Only then is the entire software chain ready; it exchanges data with the server and allows attackers to spy on the user. As Eset reports, five campaigns conducted in this way have been identified so far, attributed to the Arid Viper group, also known as APT-C-23.

Once successfully launched, AridSpy can read a range of information on the victim's smartphone, allowing for detailed surveillance of the victim. It can read the device's location, contact list, call history, SMS messages, photos stored on the device, clipboard contents, and notifications. Additional capabilities come into play if the victim's device was previously rooted.

Eset points out that AridSpy reaches Android phones through various means, and the source of the problem is not always applications that have made it to the official Google Play store. In the cases described abroad, the spyware was distributed through a crafted Facebook page or alternative hosting that was not linked to the official distribution of Android applications.
