New Pakistan-based Cyber Espionage Group’s Year-Long Campaign Targeting Indian Defense Forces with Android Malware

May 6, 2024, 9:29 a.m.

Description

CYFIRMA researchers identified an Android malware campaign, active for over a year, in which an unidentified Pakistan-based cyber espionage group targeted Indian defense personnel. The threat actor used Spynote or a modified version called Craxs Rat, applying highly complex obfuscation to the app. Using social engineering tactics such as impersonating senior officers, and distributing the malware via WhatsApp, the group aimed to gain access to victims' contacts, call logs, and SMS, and potentially to screen monitoring capabilities.

Date

  • Created: May 6, 2024, 8:47 a.m.
  • Published: May 6, 2024, 8:47 a.m.
  • Modified: May 6, 2024, 9:29 a.m.

Indicators

  • 6c9a7e15d666fd61f62f1802d79782753ba25aaa76ecc86401658807f5d41503
  • 78625e72074eee611866ab04ae1935f2152ed695d3adcd68061d10386170668b
  • 38.92.47.116

Attack Patterns

  • Craxs Rat
  • Spynote
  • Unidentified Pakistan-based Group

Additional Information

  • Defense
  • British Indian Ocean Territory
  • India
  • Pakistan