Cyfirma analysts have also discovered that the code base of the hackers' VPN app was copied from the legitimate Liberty VPN service. This data is later sent to the attacker's C2 server via an HTTP request. The collected data is stored locally using Android's ROOM library. In other cases, the app fetches the last known location of the device. However, to access the target's current location, the GPS on the victim’s device needs to be active. The apps then collect this data and send them to the attacker. These permissions include access to the user's contact list and precise location data. How these apps are stealing data The report claims that these apps request users for risky permissions during installation. This suggests that these apps are used selectively against specific targets. The download count on the apps developed by the ‘SecurITY Industry’ is comparatively low.
0 kommentar(er)
