Application security, Threat Intelligence

Android spyware deployed by against Yemeni humanitarian orgs

Share
(Adobe Stock)

Yemen-based humanitarian and human rights organizations CARE International, the King Salman Humanitarian Aid and Relief Centre, and the Norwegian Refugee Council have been targeted by suspected Houthi-aligned threat operation OilAlpha in attacks deploying the Android spyware SpyNote, also known as SpyMax, since early June, The Hacker News reports.

Malicious Android APK files purporting to be from legitimate organizations have been distributed by OilAlpha via WhatsApp to facilitate victim data theft with the SpyNote trojan, a report from Recorded Future's Insikt Group showed. Credential harvesting was also involved in the attacks by OilAlpha, which follow the delivery of GuardZoo surveillance tool in a separate intrusion by another pro-Houthi actor. "Houthi militants have continually sought to restrict the movement and delivery of international humanitarian assistance and have profited from taxing and re-selling aid materials. One possible explanation for the observed cyber targeting is that it is intelligence-gathering to facilitate efforts to control who gets aid and how it is delivered," said Recorded Future researchers.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.