A new threat to Android phones disguises itself as apps with adult or COVID-19-related content in order to spy on smartphone activity. The Transparent Tribe group, which specializes in social engineering techniques, is now targeting distracted users with apps that look like official ones.
Tracked by Kaspersky for more than four years, Transparent Tribe has started using malware disguised as adult-content apps and as official COVID-19 information apps in order to attack a larger number of phones.
According to Kaspersky, the group has been actively working to improve its toolset and expand the range of its attacks to maximize their impact. Examples of the new practices are a fake COVID-19 tracking app, launched in India, and another app offering pornographic content.
The discovery comes from a correlation between the two apps: both redirect to the same domain, which is known to be owned by the Transparent Tribe group. The first app is simply a modified version of an open source video player for Android, while the second resembles a COVID-19 tracking app launched by the Indian government.
Once installed, the apps display content as a distraction and try to install another Android package file: a modified version of the remote access tool AhMyth for Android. This version includes the tool's known features, including the ability to download new apps, access SMS messages, the microphone, the call log and GPS, and steal files.
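A defender triaging a sideloaded APK can check its decoded manifest (for example, as output by apktool) for the combination described above: the ability to install further packages together with several surveillance capabilities. This is an added example, not code from the article or from Kaspersky; the capability-to-permission mapping, the threshold of three and the sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INSTALL = "install other apps"
# Assumption: permissions an app would need for each capability the article lists.
CAPABILITIES = {
    INSTALL: {"REQUEST_INSTALL_PACKAGES"},
    "SMS": {"READ_SMS", "RECEIVE_SMS"},
    "microphone": {"RECORD_AUDIO"},
    "call log": {"READ_CALL_LOG"},
    "GPS": {"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"},
    "files": {"READ_EXTERNAL_STORAGE", "MANAGE_EXTERNAL_STORAGE"},
}

def requested_permissions(manifest_xml):
    """Return short names of android.permission.* entries in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name", "") for el in root.iter()
             if el.tag in ("uses-permission", "uses-permission-sdk-23"))
    return {n.rsplit(".", 1)[-1] for n in names if n.startswith("android.permission.")}

def triage(manifest_xml, min_surveillance=3):
    """Flag apps that can install packages AND hold several surveillance permissions."""
    perms = requested_permissions(manifest_xml)
    caps = [c for c, needed in CAPABILITIES.items() if perms & needed]
    surveillance = [c for c in caps if c != INSTALL]
    suspicious = INSTALL in caps and len(surveillance) >= min_surveillance
    return {"capabilities": caps, "suspicious": suspicious}

def _manifest(package, perms):
    """Build a constructed sample manifest (not taken from any real app)."""
    uses = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{uses}<application/></manifest>')

# Constructed samples: a "video player" asking for far more than playback needs,
# and a player that only needs network and storage.
SUSPECT = _manifest("com.example.player", ["INTERNET", "REQUEST_INSTALL_PACKAGES", "READ_SMS",
                    "RECORD_AUDIO", "READ_CALL_LOG", "ACCESS_FINE_LOCATION", "READ_EXTERNAL_STORAGE"])
BENIGN = _manifest("com.example.cleanplayer", ["INTERNET", "READ_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for name, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(name, triage(xml))
```

A match is a reason to look closer, not a verdict: legitimate apps can hold some of these permissions, so the result should be compared with what the app claims to do.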
“The findings reinforce the commitment of Transparent Tribe members to add new tools to further expand their operations and reach their victims through different attack vectors, which now include mobile devices,” comments Giampaolo Dedola, senior security researcher at Kaspersky.
The researcher recommends that all users pay attention to the sources they download content from and never rely on third-party links or downloads in emails. More details on the threats released by Transparent Tribe are described in the full report at Securelist.