
ESET identifies spy campaign targeting Android users

  • February 2, 2023

It is currently very difficult to tell whether a given “step” on the Internet is safe or not. Many apps and links may contain malicious paths leading to stolen data, cloned cell phones, and other malicious digital activities.

ESET, a company specializing in the proactive detection of digital threats, has revealed a spying campaign aimed at users of the Android system.

Malicious attack on the user data of the Android system

This new campaign, which may affect Android users, is attributed to the APT group StrongPity. The campaign, active since November 2021, distributes a fraudulent application that pretends to be Shagle, a video chat service that offers encrypted communication between users.

Unlike the official platform, which does not offer a mobile app, the fake website provides Android users with the option to download the app.

The StrongPity backdoor has several spying features, and its 11 dynamically activated modules allow it to record phone calls, collect SMS messages, and access the call log, contact list, etc. Its modules can also access incoming notifications by filtering messages from 17 applications, including Viber, Skype, Gmail, Messenger and Tinder.

Key points of the ESET study:

  • In order to reach and deceive as many people as possible, the fake app with backdoor features is distributed through a website that mimics the official Shagle site;
  • The app downloaded from the fake website is a modified version of the open-source Telegram app, repackaged with backdoor code;
  • ESET attributes this threat to the StrongPity group based on the similarity of the code to the backdoor used in the scam campaign, in addition to the fact that the app is signed with a certificate previously used by cybercriminals;
  • The StrongPity backdoor is modular and has many spy features. All required binaries are AES-encrypted and downloaded from its C&C server;
  • The described modules and functionality of the malware are publicly documented for the first time.

“The malicious app is essentially a fully functional but trojanized version of the legitimate Telegram app. However, it is presented as a Shagle app that doesn’t exist. We call this app a fake Shagle, a trojanized Telegram app, or a StrongPity backdoor. ESET products detect this threat as Android/StrongPity.A,” comments Gutierrez Amaya from ESET.

On the fake website, the HTML code contains evidence that it was copied from the legitimate website on November 1, 2021 using the tool HTTrack. The malicious domain was registered on the same day, so the website and fake Shagle app could have been available for download from that date.
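One way a defender could check a suspicious page for this kind of copying footprint, as an added example that is not ESET's tooling. The host names, the sample HTML and the function names are constructed, and the pattern assumes the "Mirrored from … by HTTrack Website Copier" comment that HTTrack normally writes into pages it copies:

```python
import re
from datetime import date
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Comment HTTrack normally leaves in a mirrored page (assumed format).
HTTRACK_RE = re.compile(
    r"<!--\s*Mirrored from\s+(?P<origin>\S+)\s+by HTTrack Website Copier"
    r"[^,]*,\s*(?P<date>[^>]*?)\s*-->",
    re.IGNORECASE,
)

# Constructed sample: a page served by a look-alike host, copied from another.
SAMPLE_HTML = """<html><head><title>Video chat</title>
<!-- Mirrored from video-chat.example/ by HTTrack Website Copier/3.x [XR&CO'2014], Mon, 01 Nov 2021 09:30:00 GMT -->
</head><body>Download our Android app</body></html>"""


def host_of(value):
    """Lower-cased host of a URL or of a bare 'host/path' string."""
    if "://" not in value:
        value = "//" + value
    return (urlsplit(value).hostname or "").lower()


def find_clone_evidence(html, served_from):
    """List HTTrack footprints whose origin host differs from the serving host."""
    findings = []
    for match in HTTRACK_RE.finditer(html):
        origin = host_of(match.group("origin"))
        if origin == host_of(served_from):
            continue  # a site mirroring itself is not a clone indicator
        try:
            mirrored_at = parsedate_to_datetime(match.group("date"))
        except (TypeError, ValueError):
            mirrored_at = None  # footprint present, timestamp unreadable
        findings.append({"origin": origin, "mirrored_at": mirrored_at})
    return findings


def registered_same_day(finding, registered_on):
    """True when the copy timestamp falls on the domain's registration date."""
    when = finding["mirrored_at"]
    return when is not None and when.date() == registered_on


if __name__ == "__main__":
    for f in find_clone_evidence(SAMPLE_HTML, "https://video-chat-app.example/"):
        print(f["origin"], f["mirrored_at"], registered_same_day(f, date(2021, 11, 1)))
```
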

“The fake app was hosted by a site posing as the official Shagle. There was no trick to suggest that the app was available on Google Play and we don’t know how potential victims were lured or discovered the fake website,” concludes Gutierrez Amaya.

ESET does interesting work not only in regards to digital security, but also creates content on the subject with texts and a podcast on its website.

Source: ESET

Source: Mundo Conectado
