The Android BadBazaar malware is being distributed through the Google Play store, Samsung Galaxy Store, and dedicated websites mimicimg Signal Plus Messenger and FlyGram malicious applications.
These active campaigns are connected to the China-aligned APT organization known as GREF. Uyghurs and other Turkic ethnic minorities have historically been the target of the spyware known as BadBazaar.
The BadBazaar malware family has already been targeted, and the FlyGram malware was also observed being spread in a Uyghur Telegram channel.
According to ESET researchers, Germany, Poland, the U.S., Ukraine, Australia, Brazil, Denmark, Congo-Kinshasa, Hong Kong, Hungary, Lithuania, the Netherlands, Portugal, Singapore, Spain, and Yemen are the countries where victims have been found most often.
Specifics of the Attack
Researchers found active Android campaigns where malicious apps with the names Signal Plus Messenger and FlyGram were uploaded and disseminated through the Google Play store, Samsung Galaxy Store, and specific websites, imitating the Signal app (signalplus[.]org) and a Telegram alternative app (flygram[.]org).
The primary objective of BadBazaar is to steal device information such as the contact list, call logs, and the list of installed applications, as well as to spy on Signal conversations by secretly attaching the victim’s Signal Plus Messenger app to the attacker’s mobile device.
Signal Plus Messenger is available on Google Pla ..
Support the originator by clicking the read the rest link below.
