Protect your data: AridSpy campaign targets Android apps

Security researchers from Eset are drawing attention to accelerating campaigns by fraudsters who infect Android applications. The threat is the AridSpy spyware payload, which currently targets popular apps abroad, in Palestine and Egypt.

Smartphone with Android
Images source: © Dobreprogramy | Oskar Ziomek
Oskar Ziomek

16 June 2024 17:13

Although there is currently no direct threat to users in the UK, we have often seen similar attacks develop quickly. After "proving themselves" in one market, attackers are quick to target popular applications in other countries, increasing the pool of potential victims. As reported by Eset, the software reaches Android phones in several stages, starting with an infected application.

The infection pattern with AridSpy software © Eset

Once downloaded and installed by the user, the application fetches the first payload, which can then download another package. Only then is the entire software chain in place; it exchanges data with the server and allows attackers to spy on the user. As Eset reports, five campaigns conducted in this way have been identified so far and attributed to the Arid Viper group, also known as APT-C-23.

Once effectively launched, AridSpy can read a range of information on the victim's smartphone, allowing for detailed surveillance of the victim. It can read the device's location, contact list, call history, SMS messages, photos from memory, clipboard contents, or notifications. Additional capabilities come into play if the victim's device was previously rooted.

Eset points out that AridSpy reaches Android phones through various means, and the source of the problem is not always applications that have made it to the official Google Play store. In the cases described abroad, the spy software was distributed through a crafted Facebook page or alternative hosting that was not linked to the official distribution of Android applications.
