Pakistani Android users hit by spyware campaign with malicious apps


The campaign is sophisticated considering the use of fake yet convincing apps and domains.

The Android smartphone operating system is very popular in Pakistan, but that also makes its users a lucrative target for cybercriminals and state-backed hackers, in part because of the widespread use of third-party app stores. One recent example is a report from Sophos describing a sophisticated spyware campaign that targets Android users in the country with fake apps.

Espionage Operation Against Pakistani Users

Sophos cybersecurity researchers have uncovered a new spyware campaign whose primary targets are Android users in Pakistan. In this campaign, threat actors are using trojanized versions of genuine Android apps to spy on users.

See: Pakistani Govt’s passport application tracking site hacked with Scanbox framework

In their report, the researchers wrote that they identified a small ‘cluster of trojanized versions of Android apps,’ modified to add malicious features. These features let the apps carry out surveillance and espionage silently. The clean versions of the same apps are available on the Google Play Store.

Apps Download a DEX Executable

The modified apps look identical to their original counterparts and perform their legitimate functions normally; after profiling the victim’s phone, they download a payload in the form of an Android Dalvik executable (DEX) file. Most of the malicious functionality lives in that DEX payload rather than in the app package itself. ..
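Because the malicious code arrives as a separately downloaded DEX file, the app package on the store (or on the device) carries little of the spyware itself; what it must carry is the machinery to fetch and load that payload. The following added example, which is not part of the Sophos report or the article, shows the kind of static triage check a defender can run over an APK to flag that pattern: it looks in the primary classes.dex string table for Dalvik class-loader descriptors and network client descriptors, and lists any extra .dex/.jar/.apk files bundled outside the normal classes*.dex slots. The sample APK and the marker lists are constructed for the demonstration; real DEX files store descriptors as null-terminated MUTF-8 strings after a length prefix, so a plain substring search still finds them.

```python
import io
import zipfile

# Class descriptors as they appear in a DEX string table. Presence of a
# runtime class loader plus a network client is a heuristic indicator that
# the app may fetch and load code after installation (constructed marker list).
LOADER_MARKERS = (
    b"Ldalvik/system/DexClassLoader;",
    b"Ldalvik/system/PathClassLoader;",
    b"Ldalvik/system/InMemoryDexClassLoader;",
)
NETWORK_MARKERS = (
    b"Ljava/net/HttpURLConnection;",
    b"Lokhttp3/OkHttpClient;",
)


def is_primary_dex(name):
    """classes.dex, classes2.dex, ... at the APK root are the normal code files."""
    return "/" not in name and name.startswith("classes") and name.endswith(".dex")


def scan_apk(apk_bytes):
    """Return a triage report for an APK given as raw bytes.

    loaders     - class-loader descriptors found in the primary DEX files
    network     - network client descriptors found in the primary DEX files
    extra_code  - code containers bundled outside the classes*.dex slots
    suspicious  - loader present together with network access or bundled code
    """
    report = {"loaders": set(), "network": set(), "extra_code": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            lower = name.lower()
            if is_primary_dex(lower):
                data = zf.read(name)
                report["loaders"].update(m.decode() for m in LOADER_MARKERS if m in data)
                report["network"].update(m.decode() for m in NETWORK_MARKERS if m in data)
            elif lower.endswith((".dex", ".jar", ".apk")):
                # Secondary code hidden in assets/ or res/raw/ is a common place
                # to stage a payload that DexClassLoader later loads.
                report["extra_code"].append(name)
    report["suspicious"] = bool(report["loaders"]) and (
        bool(report["network"]) or bool(report["extra_code"])
    )
    return report


def build_sample_apk(trojanized):
    """Build a minimal constructed APK-like zip in memory (not a real app).

    The 'classes.dex' entry only mimics the DEX header and a few string-table
    entries; it is enough for the substring heuristic above.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        strings = [b"Lcom/example/MainActivity;", b"Landroid/app/Activity;"]
        if trojanized:
            strings += [b"Ldalvik/system/DexClassLoader;", b"Ljava/net/HttpURLConnection;"]
        fake_dex = b"dex\n035\x00" + b"\x00" * 8 + b"\x00".join(strings) + b"\x00"
        zf.writestr("AndroidManifest.xml", b"<placeholder/>")
        zf.writestr("classes.dex", fake_dex)
        if trojanized:
            zf.writestr("assets/update.dex", b"dex\n035\x00constructed-placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for label, flag in (("clean", False), ("trojanized", True)):
        print(label, scan_apk(build_sample_apk(flag)))
```

The check is a triage heuristic, not a verdict: plugin frameworks and hot-update libraries in legitimate apps also use DexClassLoader, so a hit should lead to a closer look at where the loaded code comes from (a bundled asset, an app-private download directory, or a remote URL) rather than an automatic block.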