Android devices targeted by SandStrike spyware delivered through a malicious VPN application

Cyber security researchers at Kaspersky have identified new spyware named SandStrike. It is delivered through a malicious VPN application intended to attack Android devices. The attackers usually target followers of the Baháʼí Faith, a new religion that has its roots in Iran and has made its way to some parts of the Middle East.

To lure in victims, the attackers promote the malicious VPN service as a way to bypass the religious censorship imposed in some countries. Social media platforms including Instagram and Facebook are used to spread SandStrike. From these social media accounts, victims are directed to a Telegram channel hosting links for installing the VPN. Instead, these links are the gateway through which the spyware lands on the victim's Android device.

To make the social media accounts appear more realistic, the attackers display over a thousand followers and post religious material on the feed, laying the perfect ground for the victim to get trapped. From these accounts, users can easily access the link to the Telegram channel. The VPN service works perfectly fine, which leads the victim to believe that they have not been attacked or scammed. In the background, however, SandStrike is also downloaded and begins its silent attack by getting its hands on the target's personal and sensitive information. The data usually collected by the attackers includes call history and contact lists.

The security team that identified this spyware is still working out who could be behind the activity. The latest APT report for the third quarter of the ongoing year highlighted some discoveries related to such attacks, specifically in the Middle East. The report discussed FramedGolf, a malware that started its activity in 2021 and has attacked over a dozen companies. While some of them have recovered from the attack, most are still trying to make their way back.

The report also discussed Metatron, spyware targeting telecom companies and Internet providers in the Middle East.
