New Pakistan-based Cyber Espionage Group’s Year-Long Campaign Targeting Indian Defense Forces with Android Malware

May 6, 2024, 9:29 a.m.

Description

CYFIRMA researchers identified an Android malware campaign, active for over a year, in which an unidentified Pakistan-based cyber espionage group targeted Indian defense personnel. The threat actor used Spynote or a modified version called Craxs Rat, and the app was heavily obfuscated. Using social engineering tactics such as impersonating senior officers, the group distributed the malware via WhatsApp, aiming to gain access to victims' contacts, call logs, and SMS, and potentially to screen monitoring capabilities.

Date

Published: May 6, 2024, 8:47 a.m.

Created: May 6, 2024, 8:47 a.m.

Modified: May 6, 2024, 9:29 a.m.

Indicators

6c9a7e15d666fd61f62f1802d79782753ba25aaa76ecc86401658807f5d41503

78625e72074eee611866ab04ae1935f2152ed695d3adcd68061d10386170668b

38.92.47.116

Attack Patterns

Craxs Rat

Spynote

Unidentified Pakistan-based Group

Additional Information

Defense

British Indian Ocean Territory

India

Pakistan