New Android spyware strain masquerades as COVID-19 tracking app
Hacking group also using pornographic clips to expand footprint on mobile devices, warns Kaspersky


A new form of Android spyware has been discovered that uses explicit content and the COVID-19 pandemic to instal remote access malware on mobile devices.
The malicious application is being distributed by a prolific hacking group based in India, dubbed "Transparent Tribe", according to Kaspersky researchers.
The cyber security vendor has been tracking the group for over four years and recent research suggested it had been working to improve its toolset and expand its operation – which now includes mobile threats.
Previous investigations into Transparent Tribe uncovered an Android implant it had distributed in India as either a pornographic clip or as part of a fake national COVID-19 tracking app.
The first application is a modified version of a simple open-source video player you can find on Android, according to Kaspersky. As it's installed, it uses an adult video to distract the user. The second application, known as "Aarogya Setu", is similar to the coronavirus tracking app developed by the government of India's National Informatics Centre – a department under the country's Ministry of Electronics and Information Technology.
Once downloaded, both applications will attempt to install a modified version of an Android-based Remote Access Tool (RAT). This is malware that has been customised by the attackers to extract data.
The researchers spotted the connection between the group and the two applications thanks to the related domains the hackers used to host malicious files for its different campaigns.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"The new findings underline the efforts of the Transparent Tribe members to add new tools that expand their operations even further and reach their victims via different attack vectors, which now include mobile devices," said Giampaolo Dedola, a senior security researcher at Kaspersky's Global Research and Analysis Team.
"We also see that the actor is steadily working on improving and modifying the tools they use. To stay protected from such threats, users need to be more careful than ever in assessing the sources they download content from and make sure that their devices are secure. This is especially relevant to those who know that they might become a target of an APT attack."
Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.
Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.
-
M&S suspends online sales as 'cyber incident' continues
News Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
By Ross Kelly
-
Manners cost nothing, unless you’re using ChatGPT
Opinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
By Ross Kelly
-
Greek intelligence allegedly uses Predator spyware to wiretap Facebook security staffer
News The employee’s device was infected through a link pretending to confirm a vaccination appointment
By Zach Marzouk
-
North Korean-linked Gmail spyware 'SHARPEXT' harvesting sensitive email content
News The insidious software exfiltrates all mail and attachments, researchers warn, putting sensitive documents at risk
By Rory Bathgate
-
Young hacker faces 20-year prison sentence for creating prolific Imminent Monitor RAT
News He created the RAT when he was aged just 15 and is estimated to have netted around $400,000 from the sale of it over six years
By Connor Jones
-
European company unmasked as cyber mercenary group with ties to Russia
News The company that's similar to NSO Group has been active since 2016 and has used different zero-days in Windows and Adobe products to infect victims with powerful, evasive spyware
By Connor Jones
-
Mysterious MacOS spyware discovered using public cloud storage as its control server
News Researchers have warned that little is known about the 'CloudMensis' malware, including how it is distributed and who is behind it
By Rory Bathgate
-
Apple launching Lockdown Mode with iOS 16 to guard against Pegasus-style spyware
News Apple breaks its bug bounty record with $2 million top prize, alongside $10 million grant funding, as it launches industry-first protections for highly targeted individuals
By Connor Jones
-
El Salvador becomes latest target of Pegasus spyware
News The list of nations with access to Pegasus is growing, with evidence pointing to potential links between 35 confirmed Pegasus cases and the Salvadoran government
By Connor Jones
-
Egyptian exiles targeted with Predator spyware resembling NSO Group's Pegasus
News A high-profile politician and journalist have been targeted with spyware likely spread using WhatsApp messages
By Connor Jones