Today > 3 Critical | 10 High | 7 Medium | 4 Low vulnerabilities   -   You can now download lists of IOCs here!

Arid Viper poisons Android apps with AridSpy

June 14, 2024, 8:34 a.m.

Description

ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its command-and-control server to avoid detection and exfiltrates sensitive information like contacts, messages, locations, and media files.

Date

Published: June 14, 2024, 8:25 a.m.

Created: June 14, 2024, 8:25 a.m.

Modified: June 14, 2024, 8:34 a.m.

Indicators

f4ddfd426440829bcbbbe789cb0c18fa3a23798eb5643f1c88b7986390b3d648

d6140ef329f2a8f141a05055b1d583a40dc9f5b26b00c63c72c7ebd82fa3c7ec

a4e74f74e675a08fdf8e0b55d5da59af8f1c67a2820c97ba6c6790b29589663d

19df327e7c0ffe8bd883f044c3906424cefe893d50a0d5386e8445668d2dd1e4

0cb41557841ff6f314c398250a165706e0b18f93674a7c12f4489018a1661673

crashstoreplayer.website

almoshell.website

68.65.122.94

68.65.121.90

68.65.121.120

66.29.141.173

64.44.102.198

23.106.223.54

23.106.223.135

199.192.25.241

198.187.31.161

162.0.224.52

45.87.81.169

23.254.130.97

www.palcivilreg.com

www.lapizachat.com

zezsoft.wuaze.com

voevanil.com

ultraversion.com

renatchat.com

reblychat.com

pariberychat.com

palcivilreg.com

orientflags.com

nortirchats.com

lapizachat.com

gameservicesplay.com

elsilvercloud.com

clemochat.com

androidd.com

analyticsandroid.com

alwaysgoodidea.com

Attack Patterns

AridSpy

Arid Viper

Additional Informations

Palestine

Egypt