While most Indians are busy with the Indian Premier League (IPL) and the Lok Sabha elections, this week turned out to be quite alarming for mobile users, in terms of newer threats and cyberattacks.
Apple has issued a threat notification about mercenary spyware attacks on a very small number of specific individuals and their devices in 92 countries. Security services provider
ESET warned about an active espionage campaign 'eXotic Visit', targeting Android users in India and Pakistan via fake messaging apps that are distributed through websites and Google Play.
Let us understand these new threats and how we can protect ourselves.
Mercenary spyware
According to Apple, mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. These attacks are vastly more complex than regular cybercriminal activity and consumer malware.
"Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date, we have notified users in over 150 countries in total. The extreme cost, sophistication, and worldwide nature of mercenary spyware attacks make them some of the most advanced digital threats in existence today," it says.
Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much more challenging to detect and prevent, Apple says, adding that the vast majority of users will never be targeted by such attacks.
According to public reporting and research by civil society organisations, technology firms, and journalists, individually targeted attacks of such exceptional cost and complexity have historically been associated with state actors (governments), including private companies developing mercenary spyware on their behalf, such as Pegasus from the Israel-based NSO group.
In November 2021, Apple filed a lawsuit against the Israel-based company that developed the infamous Pegasus spyware. It sought a permanent injunction to ban the NSO group from using any Apple software, services or devices. Apple had followed WhatsApp and its parent company Meta (formerly Facebook) in suing Pegasus spyware maker NSO group.
According to Apple, mercenary spyware attacks are exceptionally well-funded and evolve over time. "Though deployed against a very small number of individuals — often journalists, activists, politicians, and diplomats — mercenary spyware attacks are ongoing and global."
While there are no perfect solutions to protect users from mercenary spyware attacks, here are a few suggestions from Apple.
- Update devices to the latest software, as that includes the latest security fixes
- Protect devices with a passcode
- Use two-factor authentication and a strong password for Apple ID
- Install apps from the App Store
- Use strong and unique passwords online
- Do not click on links or attachments from unknown senders
'eXotic Visit' espionage targeting Android
ESET researchers have discovered an active espionage campaign targeting Android users with apps primarily posing as messaging services. "The eXotic Visit campaign appears to primarily target a select group of Android users in Pakistan and India. There is no indication that this campaign is linked to any known group; however, we are tracking the threat actors behind it under the moniker Virtual Invaders."
The Android espionage campaign, named 'eXotic Visit' by ESET, started in late 2021 and mainly impersonates messaging apps that are distributed through dedicated websites and Google Play.
According to ESET, apps that contain open-source XploitSPY malware can extract contact lists and files, get the device's GPS location and the names of files listed in specific directories related to the camera, downloads, and various messaging apps such as Telegram and WhatsApp. "If certain filenames are identified as being of interest, they can subsequently be extracted from these directories via an additional command from the command and control (C&C) server. Interestingly, the implementation of the chat functionality integrated with XploitSPY is unique; we strongly believe that this chat function was developed by the Virtual Invaders group."
The malicious code is capable of listing files on the device, sending SMS messages, obtaining call logs, contacts, text messages, and a list of installed apps, getting a list of surrounding Wi-Fi networks, device location, and user accounts, taking pictures using the camera, recording audio from the device's surroundings, and intercepting notifications received for WhatsApp, Signal, and any other notification that contains the string new messages.
ESET says its research indicates that malicious apps developed by 'eXotic Visit' were distributed through Google Play and dedicated websites, and four of those apps, Sim Info, Telco DB (com.infinitetechnology.telcodb), Shah jee Foods, and Specialist Hospital mostly targeted users in Pakistan and India. While the three apps targeted Android users from Pakistan, the Specialist Hospital app hit Indian users.
After starting, the app requests the permissions necessary to perform its malicious activities and then requests the user to install a legitimate app for Specialist Hospital in India from Google Play.
Here are a few suggestions to protect oneself from such malicious (read: dangerous malware) apps
- Download software, files and applications only from reputable sources. Avoid downloading cracked (pirated) software or installation files (for example, Android package kit or apk files) from unofficial websites, as they may contain malware.
- Use strong, unique passwords for all your accounts. Avoid using the same.
- Use good quality antivirus or anti-malware software and update it regularly.
- Ensure that the device's operating system and all software (apps) are up-to-date with the latest security patches. Use automatic updates whenever possible.
As Joshua AT Fairfield wrote in 'Owned: Property, Privacy, and the New Digital Serfdom', "If we do not take back our ownership rights from software companies and overreaching governments, we will become digital peasants, only able to use our smart devices, our homes, our cars, and even our own software-enabled medical implants purely at the whim of others."
Stay Alert, Stay Safe!
