SandStrike Spyware Infecting Android Devices through VPN Apps

SandStrike Spyware Infecting Android Devices through VPN Apps

The spyware is delivered through a malicious VPN app, and the preferred targets of attackers are Persian-speaking Baháʼí Faith practitioners.

Did you know 38% of VPN apps on Google Play Store are plagued with malware? Nonetheless, the IT security researchers at Kaspersky have discovered that threat actors are increasingly relying on SandStrike spyware that is specifically impacting Android devices.

The spyware is delivered through a malicious VPN app, and the preferred targets of attackers are Persian-speaking Baháʼí Faith practitioners. It is the name of a religion practiced mainly in the Middle East, particularly in Iran.

How SandStrikes Infect Devices

The previously undocumented spyware campaign was detected to be disguised as a harmless-looking VPN app, which is marketed as a potent method of bypassing censorship of religious content in certain parts of the Middle East.

For distributing SandStrike through the malicious VPN app, threat actors have set up Facebook and Instagram accounts boasting over 1,000 followers. These pages are designed with attention-grabbing religious content to trap those who adhere to the religion. Most of these accounts contain a Telegram channel link owned by the attacker.

Unsuspecting users download links to the malicious app, and SandStrike spyware also gets installed. Once on the device, it scans it for sensitive data and extracts the information from the attacker-controlled servers. The campaign is yet to be attributed to a specific threat actor/group.

What Data Does SandStrike Target?

SandStrike targets diverse data types, including call logs and contact lists, and monitors the victim’s device to keep track of the victim’s activities. The company noted in its APT trends report for Q3 2022 that the SandStrike spyware is distributed to access resources about the Bahá’í religion, which is banned in Iran.

Stay Protected from Such Threats

For businesses and government organizations, the use of threat intelligence has become increasingly important in recent years as the landscape of cyber threats has shifted and evolved.

Attackers are now more sophisticated and organized, and they are using more sophisticated methods to launch attacks. This has made it more difficult for traditional security defenses to keep up.

Threat intelligence can help organizations stay ahead of the curve by providing them with information about the latest threats and trends. This information can be used to improve security defenses and help organizations respond quickly to new attacks.

Organizations that use threat intelligence can stay one step ahead of attackers and protect themselves from the latest malware threats. By understanding the latest trends and techniques, they can develop better defenses and response plans to keep their systems safe.

For unsuspected users, it is a fact that in recent years, the number of spyware programs has increased dramatically, making it more important than ever for computer and smartphone users to know how to protect themselves.

While most people are aware of the need to install antivirus and anti-malware software, they may not realize that these programs do not always provide adequate protection against spyware.

There are a few simple steps that every user can take to protect themselves from spyware. First, be careful about what you download and install on your computer. Many spyware programs are installed without the user’s knowledge or consent when they visit malicious websites or download infected files.

Second, keep your software up to date. Both your operating system and your applications should be kept up to date with the latest security patches. Spyware authors are constantly finding new ways to exploit vulnerabilities, so it’s important to have the latest security fixes installed.

Use VirusTotal

VirusTotal is a free virus, malware, and URL online scanning service. It is one of the most popular online services used by computer users to scan files and URLs for viruses, malware, and malicious content.

VirusTotal scans files and URLs using over 50 antivirus engines and URL scanners. If a file or URL is detected by at least one scanner, it is considered malicious. VirusTotal also aggregates and analyses information from other sources, such as user comments and offense reports. This allows users to see if a file or URL has been reported as malicious by other users.

Fake VPN website delivering password-stealing malware

What is a VPN and what does data logging by a VPN means?

Popular free Android VPN apps on Play Store contain malware

This malware hides behind free VPN, pirated security software keys

Hackers clone ProtonVPN website to drop password stealer malware

Related Posts