Android mobile espionage campaign - November 2022

OpenVPN app for Android modified by hackers for spying

Security researchers have shed light on a cyber espionage campaign operated by a group called Bahamut, whose goal is to harvest smartphone information through modified VPN apps that embed spyware. Here is an overview.

According to security researchers, including Lukas Stefanko from ESET, this is a highly targeted campaign whose main objective is to recover lists of contacts, calls, messages (from several applications like Signal, Viber, WhatsApp, Telegram, and Facebook Messenger) as well as the location of the device.

To do this, the hackers took the “SoftVPN” and “OpenVPN” VPN apps for Android and repackaged them with malicious code that adds functions to exfiltrate information from the device. As a result, the user gets a working application, since the VPN client remains operational, but is unaware that the application is siphoning off their data.

These applications were not distributed through the Google Play Store, which also indicates that this is a targeted campaign. Instead, the hackers set up fake websites such as “thesecurevpn” with the aim of distributing the SoftVPN and OpenVPN installation APK packages. It is conceivable that the cybercriminals set up a phishing campaign and used social networks to distribute the malicious applications.

This is not the Bahamut group's first malicious campaign: these cybercriminals have reportedly been active since at least 2017. In addition, there are similarities in the source code of the malicious applications used in these various campaigns, in particular between the SecureChat and SecureVPN apps. In the past, Bahamut hackers have targeted entities and individuals in the Middle East and South Asia, but according to cybersecurity specialists, this group of cybercriminals operates worldwide.


