Bahamut promoting phony VPN apps on Android


Bahamut, a well-known cyber-mercenary group, is currently targeting Android devices with bogus VPN apps: trojanized builds of the legitimate SoftVPN and OpenVPN software, repackaged with malware that steals user credentials. Lukáš Štefanko of Slovakian cybersecurity firm ESET was the first to discover the malware-laden apps.

The hackers’ goal is to steal contacts, call data, device location, and messages from multiple apps, and they use malicious versions of the SoftVPN, SecureVPN, and OpenVPN software to accomplish this.

The campaign began on January 22. The fake VPN apps are distributed through the bogus website thesecurevpn[.]com, which spoofs the real SecureVPN site but lacks the content and styling of the legitimate SecureVPN service (at the domain securevpn.com).

The researchers discovered at least eight versions of the VPN apps repackaged with Bahamut spyware: SecureVPN 104.apk, SecureVPN 105.apk, SecureVPN 106.apk, SecureVPN 107.apk, SecureVPN 108.apk, SecureVPN 109.apk, SecureVPN 1010.apk, and SecureVPN 1010b.apk. They all contained code previously seen only in operations attributed to Bahamut.

The malware abuses Android’s accessibility service to log keystrokes and steal sensitive private data. While still providing VPN functionality, it can also actively spy on chat messages exchanged through popular messaging apps such as Signal, Viber, WhatsApp, Telegram, and Facebook Messenger.
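The combination described above, an accessibility service plus permissions covering contacts, call logs, location and SMS, is something a defender can check for in a decoded APK manifest before a "VPN" app is trusted. The script below is an added example written for this article, not ESET's tooling or anything from the campaign; the manifest it parses is constructed for illustration, and the package name, service names and the verdict thresholds are assumptions.

```python
"""Triage check for a decoded AndroidManifest.xml (added example, not ESET's tooling).

Flags an app that declares an accessibility service (the Android hook the
Bahamut VPN trojans abuse for key logging) together with permissions that
cover the data the campaign collects: contacts, call logs, location, SMS.
The manifest below is constructed for illustration.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions matching the data classes the article lists.
SENSITIVE_PERMS = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call data",
    "android.permission.ACCESS_FINE_LOCATION": "device location",
    "android.permission.READ_SMS": "messages",
}
ACCESSIBILITY_PERM = "android.permission.BIND_ACCESSIBILITY_SERVICE"

# Constructed sample manifest (hypothetical package name): a "VPN" app that
# also binds an accessibility service and asks for contact, call-log,
# location and SMS access.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakevpn">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <application android:label="SecureVPN">
        <service android:name=".VpnService"
            android:permission="android.permission.BIND_VPN_SERVICE"/>
        <service android:name=".KeyService"
            android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
            <intent-filter>
                <action android:name="android.accessibilityservice.AccessibilityService"/>
            </intent-filter>
        </service>
    </application>
</manifest>
"""


def analyze_manifest(xml_text):
    """Return the app's package, its accessibility services, and which of the
    sensitive data classes its requested permissions cover."""
    root = ET.fromstring(xml_text)
    package = root.get("package", "")
    perms = {node.get(ANDROID_NS + "name") for node in root.iter("uses-permission")}
    # A service guarded by BIND_ACCESSIBILITY_SERVICE can read screen content
    # and keystrokes once the user enables it in settings.
    accessibility_services = [
        svc.get(ANDROID_NS + "name")
        for svc in root.iter("service")
        if svc.get(ANDROID_NS + "permission") == ACCESSIBILITY_PERM
    ]
    covered = sorted(label for perm, label in SENSITIVE_PERMS.items() if perm in perms)
    return {
        "package": package,
        "accessibility_services": accessibility_services,
        "sensitive_data": covered,
    }


def risk_verdict(report):
    """Flag a VPN-style app as suspicious when it binds an accessibility
    service AND holds permissions for sensitive data a VPN does not need."""
    if report["accessibility_services"] and report["sensitive_data"]:
        return "suspicious"
    if report["accessibility_services"] or report["sensitive_data"]:
        return "review"
    return "clean"


if __name__ == "__main__":
    report = analyze_manifest(SAMPLE_MANIFEST)
    print(report)
    print(risk_verdict(report))
```

Run it against the output of an APK decoder such as apktool (the binary manifest inside the APK must be decoded to plain XML first). A VPN app legitimately needs BIND_VPN_SERVICE, so that permission is not flagged; it is the accessibility binding paired with contact, call-log, location or SMS permissions that warrants a closer look.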

None of the trojanized VPN versions were available on Google Play.

The sources for this piece include an article in BleepingComputer.
