ANDROID MALWARE IN DONOT APT OPERATIONS

Jan. 21, 2025, 9:15 a.m.

Description

The DONOT APT group, which operates in support of Indian national interests, has deployed an Android malware family named 'Tanzeem' to gather intelligence on internal threats. Disguised as a chat application, the malware abuses OneSignal, a legitimate customer engagement platform, for malicious purposes. It requests dangerous permissions granting access to call logs, contacts, storage, SMS, location, and account information. The malware communicates with command-and-control servers and uses push notifications to prompt the installation of additional Android malware, improving its persistence. The group's evolving tactics point to sustained strategic intelligence collection across South Asia against a range of organizations, in support of India's interests.

Date

  • Created: Jan. 21, 2025, 9:09 a.m.
  • Published: Jan. 21, 2025, 9:09 a.m.
  • Modified: Jan. 21, 2025, 9:15 a.m.

Indicators


Attack Patterns

  • Tanzeem
  • DONOT

Additional Information

  • Defense
  • Government
  • British Indian Ocean Territory
  • India