Arid Viper disguising mobile spyware as updates for non-malicious Android applications

Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users. In this campaign, the actors leverage custom mobile malware, delivered as Android Package files (APKs), to collect sensitive information from targets and deploy additional malware onto infected devices.

Although Arid Viper is believed to be based out of Gaza, Cisco Talos has no evidence indicating or refuting that this campaign is related in any way to the Israel-Hamas war. Furthermore, the publication of this research was delayed while Talos was performing due diligence with law enforcement.

The mobile malware used in this campaign shares similarities with a non-malicious online dating application, referred to as Skipped. The malware specifically uses a similar name and the same shared project on the applications’ development platform. This overlap suggests the Arid Viper operators are either linked to Skipped’s developer or somehow gained illicit access to the shared project’s database. Our analysis uncovered an array of simulated dating applications that are linked to Skipped, leading us to assess that Arid Viper operators may seek to leverage these additional applications in future malicious campaigns.

In order to coerce users into downloading their mobile malware, Arid Viper operators share malicious links masquerading as updates to the dating applications that instead deliver malware to the user’s device.

Arid Viper’s Android malware has a number of features that enable the operators to disable security notifications, collect users’ sensitive information, and deploy additional malicious applications on the compromised device.

Arid Viper mobile malware shares similarities with non-malicious dating application

The mobile malware deployed by Arid Viper in this campaign shares similarities with the non-malicious dating application S ..
