Cyberespionage operation Bahamut has leveraged fake VPN apps in a malicious campaign aimed at exfiltrating sensitive data from Android devices, according to The Hacker News.
Eight different spyware apps including trojanized SoftVPN and OpenVPN apps have been distributed by Bahamut since January via a fraudulent SecureVPN website, a report from ESET showed.
Victims of the attacks are believed to be carefully chosen by the attackers, who have lured their targets into installing the malicious VPN apps that could gather not only files, text messages, and contact lists, but also locations, phone call recordings, and messages from Facebook Messenger, Signal, Telegram, Viber, WeChat, and WhatsApp.
"The mobile campaign operated by the Bahamut APT group is still active; it uses the same method of distributing its Android spyware apps via websites that impersonate or masquerade as legitimate services, as has been seen in the past," said ESET researcher Luk tefanko.