Phishing, Threat Intelligence

New SideWinder APT campaign weaponizes Nepal protests

Impersonation attacks

The suspected Indian state-backed advanced persistent threat group SideWinder has exploited the sweeping protests across Nepal earlier this month to mount attacks against Android and Windows devices, Cyber Security News reports.

Android users have been targeted with phishing sites masquerading as the Nepalese Emergency Service login page. The page redirects to an APK that poses as a live news feed, displaying decoy content from Al Jazeera and other news outlets while the malware inside it exfiltrates device data to a SideWinder-controlled command-and-control endpoint, according to a report from StrikeReady Labs researchers.

Windows users, meanwhile, have been lured into downloading EmergencyApp.exe from a fake Emergency Helpline portal; once run, the executable launches background tasks that compromise data in the same way.

Because the findings document SideWinder's covert infection vector, the researchers say security teams should track the reported indicator-of-compromise domains more closely and monitor for anomalous APK installations.
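The tracking the researchers recommend comes down to two checks on web-proxy or DNS logs: did any client touch a reported indicator-of-compromise domain, and did any client fetch an APK or EXE from a host that is not a normal software source. The script below is an added example, not code from StrikeReady Labs or SC Media. The IoC domains, the trusted-host allowlist and the log lines are all constructed placeholders (the report's real indicators are not reproduced here); a practitioner would swap in the published domains and the organisation's own allowlist.

```python
"""Proxy-log triage for the SideWinder lure pattern described above.

Added example, not the researchers' or the publication's code. IOC_DOMAINS,
TRUSTED_BINARY_HOSTS and SAMPLE_LOG are constructed placeholders.
"""
import re
from urllib.parse import urlsplit

# CONSTRUCTED placeholder indicators: stand-ins for the report's real IoC domains.
IOC_DOMAINS = {
    "emergency-helpline.example",
    "nepal-emergency-login.example",
}

# Hosts from which binaries are normally fetched (assumption: replace with the
# organisation's own allowlist of app stores and vendor download sites).
TRUSTED_BINARY_HOSTS = {
    "play.googleapis.com",
    "dl.google.com",
    "download.microsoft.com",
}

# Sideloaded Android packages and Windows executables are the two payload
# types reported in this campaign.
BINARY_EXT = re.compile(r"\.(apk|exe)$", re.IGNORECASE)

# Assumed log layout (constructed): timestamp client-ip status url
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<status>\d{3})\s+(?P<url>\S+)$"
)


def parse_line(line):
    """Split one access-log line into its fields plus parsed host and path."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["url"])
    rec["host"] = (parts.hostname or "").lower()
    rec["path"] = parts.path
    return rec


def host_matches_ioc(host, iocs=IOC_DOMAINS):
    """True if host equals an IoC domain or is a subdomain of one.

    Suffix matching is anchored on the dot so that a look-alike such as
    'notemergency-helpline.example' does not match 'emergency-helpline.example'.
    """
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in iocs)


def triage(lines, iocs=IOC_DOMAINS, trusted=TRUSTED_BINARY_HOSTS):
    """Return (client, url, reason) tuples that deserve an analyst's attention.

    An IoC-domain hit takes precedence over the weaker 'binary from an
    untrusted host' heuristic, so each line yields at most one finding.
    """
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if host_matches_ioc(rec["host"], iocs):
            hits.append((rec["client"], rec["url"], "ioc-domain"))
        elif BINARY_EXT.search(rec["path"]) and rec["host"] not in trusted:
            hits.append((rec["client"], rec["url"], "binary-from-untrusted-host"))
    return hits


# CONSTRUCTED sample log lines for demonstration only.
SAMPLE_LOG = """\
2025-09-10T08:01:02Z 10.0.0.5 200 https://www.aljazeera.com/news/live
2025-09-10T08:01:09Z 10.0.0.5 200 https://login.nepal-emergency-login.example/auth
2025-09-10T08:01:15Z 10.0.0.5 200 https://cdn.news-feed.example/LiveNews.apk
2025-09-10T08:03:44Z 10.0.0.9 200 https://emergency-helpline.example/EmergencyApp.exe
2025-09-10T08:05:00Z 10.0.0.7 200 https://dl.google.com/android/repository/tools.apk
2025-09-10T08:06:12Z 10.0.0.7 304 https://play.googleapis.com/apk/foo.apk
""".splitlines()

if __name__ == "__main__":
    for client, url, reason in triage(SAMPLE_LOG):
        print(f"{reason:28} {client:10} {url}")
```

Run against the constructed log, the script flags the login page on the IoC subdomain, the news-feed APK pulled from a host outside the allowlist, and EmergencyApp.exe on the IoC domain, while ignoring the Al Jazeera page and the two downloads from allowlisted hosts. The ordering matters: the IoC check comes first so that a known-bad domain is reported as such even when the request also happens to be a binary download.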
