New Android spyware strain masquerades as COVID-19 tracking app

News
By published

Hacking group also using pornographic clips to expand footprint on mobile devices, warns Kaspersky

Malware on a phone
(Image credit: Shutterstock)

A new form of Android spyware has been discovered that uses explicit content and the COVID-19 pandemic to instal remote access malware on mobile devices.

The malicious application is being distributed by a prolific hacking group based in India, dubbed "Transparent Tribe", according to Kaspersky researchers.

LoJax rootkit used by Russian-linked Fancy Bear has been silently active since 2016 Android RAT malware invades mobile banking apps Eugene Kaspersky: The man, the myth, the maverick

The cyber security vendor has been tracking the group for over four years and recent research suggested it had been working to improve its toolset and expand its operation – which now includes mobile threats.

Previous investigations into Transparent Tribe uncovered an Android implant it had distributed in India as either a pornographic clip or as part of a fake national COVID-19 tracking app.

The first application is a modified version of a simple open-source video player you can find on Android, according to Kaspersky. As it's installed, it uses an adult video to distract the user. The second application, known as "Aarogya Setu", is similar to the coronavirus tracking app developed by the government of India's National Informatics Centre – a department under the country's Ministry of Electronics and Information Technology.

Once downloaded, both applications will attempt to install a modified version of an Android-based Remote Access Tool (RAT). This is malware that has been customised by the attackers to extract data.

The researchers spotted the connection between the group and the two applications thanks to the related domains the hackers used to host malicious files for its different campaigns.

"The new findings underline the efforts of the Transparent Tribe members to add new tools that expand their operations even further and reach their victims via different attack vectors, which now include mobile devices," said Giampaolo Dedola, a senior security researcher at Kaspersky's Global Research and Analysis Team.

"We also see that the actor is steadily working on improving and modifying the tools they use. To stay protected from such threats, users need to be more careful than ever in assessing the sources they download content from and make sure that their devices are secure. This is especially relevant to those who know that they might become a target of an APT attack."

Bobby Hellard
Bobby Hellard

Bobby Hellard is ITPro's Reviews Editor and has worked on CloudPro and ChannelPro since 2018. In his time at ITPro, Bobby has covered stories for all the major technology companies, such as Apple, Microsoft, Amazon and Facebook, and regularly attends industry-leading events such as AWS Re:Invent and Google Cloud Next.

Bobby mainly covers hardware reviews, but you will also recognize him as the face of many of our video reviews of laptops and smartphones.

More about malware
Malware Detected Warning Screen with abstract binary code 3d digital concept

Fake file converter tools are on the rise – here’s what you need to know
angled view of a dialogue box with a purple Malware icon surrounded by other neon blue dialogue boxes with pink backlight

A ‘significant increase’ in infostealer malware attacks left 3.9 billion credentials exposed to cyber criminals last year – and experts worry this is a ticking time bomb for enterprises
23andMe logo and branding pictured on a sign outside the company headquarters in Sunnyvale, California.

Millions of 23andMe users’ genetic data could be up for grabs – and experts worry it’s a looming privacy nightmare
See more latest
Most Popular
23andMe logo and branding pictured on a sign outside the company headquarters in Sunnyvale, California.
Millions of 23andMe users’ genetic data could be up for grabs – and experts worry it’s a looming privacy nightmare
Microsoft Copilot logo and branding pictured on a smartphone screen.
Microsoft launches new security AI agents to help overworked cyber professionals
Malware Detected Warning Screen with abstract binary code 3d digital concept
Fake file converter tools are on the rise – here’s what you need to know
NetSuite branding pictured at the company's 'SuiteConnect' conference in Westminster, London, England.
NetSuite targets UK customer productivity gains with new AI tools
Oracle logo pictured on the front of the company headquarters in Redwood City, California.
Oracle breach claims spark war of words with security researchers
Klarna CEO Sebastian Siemiatkowski pictured while speaking at the Symposium Stockholm 'Brilliant Minds' technology and music conference in Stockholm, Sweden.
“No, I don't think it is the end of Salesforce”: Klarna CEO clarifies why it stopped using Salesforce – and why he doesn’t think other companies will follow suit
AI chatbot text dialogue boxes in difference colours above a digital circuit board with lines of light emanating from it
Enterprise AI is surging, but is security keeping up?
NHS logo displayed on a smartphone screen in white lettering on a blue background.
DHSC eyes infrastructure overhaul amid £114 million IT spending boost
Close up of a handshake with between people in suits.
Forcepoint bolsters C-suite with trio of leadership hires
Microsoft 365 logo pictured on a smartphone with Microsoft logo pictured in background.
Microsoft justifies 365 price increases after MP concerns