Arid Viper poisons Android apps with AridSpy
June 14, 2024, 8:34 a.m.
Description
ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its command-and-control server to avoid detection and exfiltrates sensitive information like contacts, messages, locations, and media files.
Date
Published: June 14, 2024, 8:25 a.m.
Created: June 14, 2024, 8:25 a.m.
Modified: June 14, 2024, 8:34 a.m.
Indicators
Attack Patterns
AridSpy
Arid Viper
Additional Information
Palestine
Egypt