Unidentified Threat Actor Utilizes Android Malware to Target High-Value Assets in South Asia
Dec. 10, 2024, 3:03 p.m.
Description
An unknown threat actor has deployed a malicious Android sample targeting high-value assets in South Asia. The malware, generated with the SpyNote Remote Administration Tool, was delivered via WhatsApp in multiple attempts. The payload, concealed and running in the background, exhibits capabilities including location tracking, contact access, camera control, SMS reading, and file system interaction. It also attempts to enable accessibility settings to gain greater control of the device. Analysis reveals obfuscated code and a permission set that allows extensive monitoring and data extraction. The attack's sophistication suggests possible involvement of an APT group, though the specific actor remains unidentified. This incident highlights the ongoing use of SpyNote variants in targeted attacks against critical sectors and individuals.
Date
Published: Dec. 10, 2024, 2:55 p.m.
Created: Dec. 10, 2024, 2:55 p.m.
Modified: Dec. 10, 2024, 3:03 p.m.
Indicators
a70089301ff628f09b90b269f6e8f5c6b5ae0b3073028abcc62fec9d2f1c954c
8aa1a66e03596c0eba6f91fb081ddb4081f43b02d421e069c6be8bbf5d399b89
6127daf756865ee089ba83efdadebda2c047026a698759de09127d0dfe630e8d
0552137aaa2c9419c8843d50bcb15a4c80913ed47eb71c5e5ab9b5ac257944ed
182.191.122.219
Attack Patterns
SpyNote
T1541
T1533
T1426
T1420
T1417
T1513
T1406