This Malicious VPN Targets Android Devices With Spyware

According to new findings from Kaspersky, followers of a small, relatively new religion growing in Iran and parts of the Middle East are being targeted by spyware delivered via a rogue VPN service.

In its report, the company says that followers of the Baha'i Faith are being targeted by SandStrike spyware, which is delivered to their devices via a malicious, anonymous VPN service.

Whoever is behind the attack has created several Facebook pages and groups, Instagram accounts, and a Telegram channel claiming to promote the teachings of the Baha'i Faith in order to attract as many believers (and other curious people) as possible. The accounts are then used to promote the VPN service, under the pretense that it can be used to bypass censorship of religious materials in certain regions.

The download links are distributed via Telegram, where the operators' groups have more than 1,000 subscribers, Kaspersky says.

The advertised VPN app is functional and works as expected, the researchers found; it even has its own VPN infrastructure. However, installing the client also installs SandStrike spyware, which extracts sensitive or personally identifiable information from the victim's device.

The data SandStrike collects includes call logs and contact lists, and the spyware also monitors activity across the entire device to better track victim behavior.
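A VPN client has no legitimate reason to read call logs or contacts, so the permissions an app declares are a quick first triage step when vetting a VPN app distributed outside an official store. The following is an added example, not code from Kaspersky's report or from the SandStrike sample: it parses a decoded AndroidManifest.xml (as produced by a tool such as apktool; the binary manifest inside an APK must be decoded first), checks that the app really declares a VpnService, and flags permissions that match the data collection described above. The sample manifest and the permission baseline are constructed assumptions for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERM_ATTR = f"{{{ANDROID_NS}}}permission"

# Assumed baseline: what a plain VPN client needs. Anything beyond this deserves a look.
VPN_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.FOREGROUND_SERVICE",
}

# Permissions that map to the kinds of data the article says the spyware collects.
SPYWARE_INDICATORS = {
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_SMS": "SMS contents",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
}

# Constructed sample of a decoded manifest: a real VpnService plus spyware-style permissions.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.freevpn">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="Free VPN">
        <service android:name=".TunnelService"
                 android:permission="android.permission.BIND_VPN_SERVICE">
            <intent-filter>
                <action android:name="android.net.VpnService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""


def parse_manifest(xml_text):
    """Return (declared permissions, whether a VpnService is declared)."""
    root = ET.fromstring(xml_text)
    perms = {el.get(NAME_ATTR) for el in root.iter("uses-permission")}
    # A genuine VPN implementation is a service the system binds with BIND_VPN_SERVICE.
    declares_vpn = any(
        svc.get(PERM_ATTR) == "android.permission.BIND_VPN_SERVICE"
        for svc in root.iter("service")
    )
    return perms, declares_vpn


def triage(xml_text):
    """Classify the app's permissions against the VPN baseline."""
    perms, declares_vpn = parse_manifest(xml_text)
    suspicious = {p: SPYWARE_INDICATORS[p] for p in sorted(perms) if p in SPYWARE_INDICATORS}
    unexpected = sorted(perms - VPN_BASELINE - set(SPYWARE_INDICATORS))
    return {
        "declares_vpn_service": declares_vpn,
        "suspicious": suspicious,   # permissions matching spyware data collection
        "unexpected": unexpected,   # outside the baseline but not a known indicator
        "verdict": "investigate" if suspicious else "baseline",
    }


if __name__ == "__main__":
    report = triage(SAMPLE_MANIFEST)
    print(f"VpnService declared: {report['declares_vpn_service']}")
    for perm, meaning in report["suspicious"].items():
        print(f"  suspicious: {perm} ({meaning})")
    for perm in report["unexpected"]:
        print(f"  unexpected: {perm}")
    print(f"verdict: {report['verdict']}")
```

The check is deliberately narrow: a functional VPN that also asks for call logs and contacts is exactly the combination the article describes, and this flags it without needing to run the app. It is a triage aid, not proof; malware can also obtain data through other channels, so a hit here should lead to dynamic analysis rather than replace it.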

Android spyware is a common threat, but attackers typically go after payment details, cryptocurrency wallets, and similar financial data rather than a religious community. At the end of September 2022, for example, an updated version of the Android Banker malware was detected. This malware steals the victim's bank details and, in some cases, money.

According to Microsoft cybersecurity researchers, an unknown malicious actor launched a smishing (SMS phishing) campaign that tries to trick people into downloading TrojanSpy:AndroidOS/Banker.O. This malware variant is capable of extracting all kinds of sensitive information, including two-factor authentication (2FA) codes, account login details, and other personally identifiable information (PII).

Via: BleepingComputer