New Pakistan-based Cyber Espionage Group’s Year-Long Campaign Targeting Indian Defense Forces with Android Malware
May 6, 2024, 9:29 a.m.
Description
CYFIRMA researchers identified an Android malware campaign, active for over a year, targeting Indian defense personnel by an unidentified Pakistan-based cyber espionage group. The threat actor utilized Spynote or a modified version called Craxs Rat, obfuscating the app with high complexity. Through social engineering tactics like impersonating senior officers and distributing the malware via WhatsApp, the group aimed to gain access to victims' contacts, call logs, SMS, and potentially screen monitoring capabilities.
Date
| Published | Created | Modified |
|---|---|---|
| May 6, 2024, 8:47 a.m. | May 6, 2024, 8:47 a.m. | May 6, 2024, 9:29 a.m. |
Indicators
6c9a7e15d666fd61f62f1802d79782753ba25aaa76ecc86401658807f5d41503
78625e72074eee611866ab04ae1935f2152ed695d3adcd68061d10386170668b
38.92.47.116
Attack Patterns
Craxs Rat
Spynote
Unidentified Pakistan-based Group
Additional Informations
Defense
British Indian Ocean Territory
India
Pakistan