Bouncing Golf cyberespionage campaign targets Android users with GolfSpy malware

A newly uncovered cyber espionage campaign has been targeting Android users in Middle Eastern countries with malware designed to steal a wide range of data from infected devices. So far, researchers at Trend Micro, who discovered the operation, have observed more than 660 infected Android devices, and much of the information being stolen appears to be military-related.


In the new campaign, which has been named “Bouncing Golf” after the package named “golf” that holds the malware’s code, the attackers infect victims’ devices with the highly invasive GolfSpy malware, which is hidden inside once-legitimate applications that have been repackaged to contain malicious code. Repackaged apps include the Kik, Imo, Plus Messenger, Telegram, Signal and WhatsApp Business messaging apps, as well as various lifestyle, book and reference apps that are popular among Middle Easterners.


Instead of hosting malware-laden apps on Google Play or popular third-party app marketplaces, the campaign operators are distributing the apps via a website that is being promoted on social media.
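
One way to triage a device for the sideloaded, repackaged messaging apps described above, as an added example that is not from the article or Trend Micro's research: it parses the output of `adb shell pm list packages -i` and flags the listed apps when their installer is not Google Play. The package IDs, the Play-only install policy and the sample inventory are assumptions constructed for illustration.

```python
import re

# Upstream package IDs for the messaging apps the article lists as repackaged.
# Assumption: a repackaged build keeps the original ID; one that renames it
# will not match this watchlist.
WATCHLIST = {
    "kik.android": "Kik",
    "com.imo.android.imoim": "Imo",
    "org.telegram.plus": "Plus Messenger",
    "org.telegram.messenger": "Telegram",
    "org.thoughtcrime.securesms": "Signal",
    "com.whatsapp.w4b": "WhatsApp Business",
}
# Assumption: fleet policy allows installs only from Google Play.
TRUSTED_INSTALLERS = {"com.android.vending"}

LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")


def flag_sideloaded(pm_output):
    """Return (app, package, installer) for watchlisted apps not from a trusted store."""
    findings = []
    for line in pm_output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        package, installer = m.groups()
        if package in WATCHLIST and installer not in TRUSTED_INSTALLERS:
            findings.append((WATCHLIST[package], package, installer))
    return findings


# Constructed sample in the format of `adb shell pm list packages -i`.
SAMPLE = """\
package:com.android.chrome  installer=com.android.vending
package:org.telegram.messenger  installer=null
package:com.whatsapp.w4b  installer=com.android.vending
package:org.thoughtcrime.securesms  installer=com.google.android.packageinstaller
"""

if __name__ == "__main__":
    for app, package, installer in flag_sideloaded(SAMPLE):
        print(f"REVIEW {app} ({package}): installed by {installer}")
```

A hit is a lead for review, not a verdict, since some of these apps can also be sideloaded legitimately from their vendors. The follow-up check is to compare the APK's signing certificate with the one the genuine publisher uses.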


The GolfSpy malware is able to steal a wealth of information, including device accounts, lists of installed applications, running processes, battery status, bookmarks and histories of the default browser, call logs and records, clipboard contents, contacts (including those in vCard format), mobile operator information, files stored on an SD card, device location, storage and memory information, connection information, sensor information, SMS messages, pictures, and lists of stored image, audio and video files.


Additionally, GolfSpy can perform commands used for cyber espionage purposes, including searching for, listing, deleting, and renaming files as well as downloading a file into and retrieving a file from the device; taking screenshots; installing other application packages (APK); recording audio and video; and updating the malware.


The campaign ..
