
Attacks using fraudulent messaging apps to deliver a new variant of the PJobRAT Android trojan have been launched against Taiwan as part of a 22-month cyberespionage campaign, according to Infosecurity Magazine.
Threat actors used hijacked WordPress sites to spread the fake "SangaalLite" and "CChat" apps containing the updated PJobRAT malware, which has gained shell command execution capabilities, a report from Sophos X-Ops researchers revealed. Aside from running shell commands, the new PJobRAT payload also enables the exfiltration of SMS messages, device details, contacts, and media files, while bypassing detection through the use of Firebase Cloud Messaging.
"While this particular campaign may be over, it's a good illustration of the fact that threat actors will often retool and retarget after an initial campaign, making improvements to their malware and adjusting their approach, before striking again," said Sophos, which urged Android users to mitigate the risk of compromise by downloading apps from trusted sources and adopting mobile security systems.