New social engineering attacks by Indian advanced persistent threat group Bahamut have used the fraudulent Android chat app SafeChat to deliver a version of the CoverIm spyware aimed at exfiltrating mobile device data, according to BleepingComputer.
Attackers have leveraged spear-phishing messages on WhatsApp to lure targets into downloading SafeChat, which is being touted as a more secure communications platform. The fake app then exploits Accessibility Services to obtain access to the contacts list, call log, SMS, and external device storage, as well as to retrieve precise GPS location data and obtain exclusions from the Android battery optimization subsystem, a report from Cyfirma revealed.
SafeChat has also been designed to monitor other installed chat apps on the compromised device, while a module with RSA, OAEPPadding, and ECB support, as well as a "letsencrypt" certificate, has been used to enable data encryption efforts.
Such an intrusion has been found to resemble the activities of Indian state-backed hacking operation DoNot APT, also known as APT C-35.
Fraudulent Android chat app leveraged in new Bahamut attack