Suspected Indian advanced persistent threat operation DoNot Team, also known as APT-C-35, SECTOR02, Origami Elephant, and Viceroy Tiger, has deployed new Android malware purporting to be the Tanzeem or Tanzeem Update messaging apps to facilitate intelligence operations, reports The Hacker News.

Once installed, Tanzeem or Tanzeem Update displays a bogus chat page containing a "Start Chat" button. Clicking the button lures targets into granting accessibility permissions, as the app seeks permissions enabling the exfiltration of contacts, call logs, location, account information, and files on external storage, according to an analysis from Cyfirma. The Android app has also exploited the widely known customer engagement platform OneSignal to deliver notifications believed to include phishing links enabling malware delivery.

"The collected samples reveal a new tactic involving push notifications that encourage users to install additional Android malware, ensuring the persistence of the malware on the device. This tactic enhances the malware's ability to remain active on the targeted device, indicating the threat group's evolving intentions to continue participating in intelligence gathering for national interests," said Cyfirma.