New Android spyware strain masquerades as COVID-19 tracking app

Hacking group also using pornographic clips to expand footprint on mobile devices, warns Kaspersky

A new form of Android spyware has been discovered that uses explicit content and the COVID-19 pandemic to instal remote access malware on mobile devices.

The malicious application is being distributed by a prolific hacking group based in India, dubbed "Transparent Tribe", according to Kaspersky researchers.

The cyber security vendor has been tracking the group for over four years and recent research suggested it had been working to improve its toolset and expand its operation – which now includes mobile threats.

Previous investigations into Transparent Tribe uncovered an Android implant it had distributed in India as either a pornographic clip or as part of a fake national COVID-19 tracking app.

The first application is a modified version of a simple open-source video player you can find on Android, according to Kaspersky. As it's installed, it uses an adult video to distract the user. The second application, known as "Aarogya Setu", is similar to the coronavirus tracking app developed by the government of India's National Informatics Centre – a department under the country's Ministry of Electronics and Information Technology.

Once downloaded, both applications will attempt to install a modified version of an Android-based Remote Access Tool (RAT). This is malware that has been customised by the attackers to extract data.

The researchers spotted the connection between the group and the two applications thanks to the related domains the hackers used to host malicious files for its different campaigns.

"The new findings underline the efforts of the Transparent Tribe members to add new tools that expand their operations even further and reach their victims via different attack vectors, which now include mobile devices," said Giampaolo Dedola, a senior security researcher at Kaspersky's Global Research and Analysis Team.

"We also see that the actor is steadily working on improving and modifying the tools they use. To stay protected from such threats, users need to be more careful than ever in assessing the sources they download content from and make sure that their devices are secure. This is especially relevant to those who know that they might become a target of an APT attack."

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
New malware uses search engine ads to target pirate gamers
malware

New malware uses search engine ads to target pirate gamers

21 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021

Most Popular

UK gov considers blocking Nvidia's takeover of Arm
Acquisition

UK gov considers blocking Nvidia's takeover of Arm

4 Aug 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Tesla Megapack goes up in flames at Australian battery site
Hardware

Tesla Megapack goes up in flames at Australian battery site

30 Jul 2021