
Novel Android malware leveraged by DoNot Team


Suspected Indian advanced persistent threat group DoNot Team, also tracked as APT-C-35, SECTOR02, Origami Elephant, and Viceroy Tiger, has deployed new Android malware posing as the Tanzeem and Tanzeem Update messaging apps in support of its intelligence-gathering operations, The Hacker News reports.

Once installed, Tanzeem or Tanzeem Update displays a bogus chat page with a "Start Chat" button. Tapping it prompts the target to grant the app accessibility permissions, after which the app requests the permissions it needs to exfiltrate contacts, call logs, location data, account information, and files on external storage, according to an analysis by Cyfirma. The app also abuses OneSignal, a widely used customer engagement platform, to deliver push notifications that are believed to carry phishing links leading to further malware downloads. "The collected samples reveal a new tactic involving push notifications that encourage users to install additional Android malware, ensuring the persistence of the malware on the device. This tactic enhances the malware's ability to remain active on the targeted device, indicating the threat group's evolving intentions to continue participating in intelligence gathering for national interests," said Cyfirma.
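The behaviours described above (an accessibility service used to coax the victim into granting permissions, a broad set of data-harvesting permissions, and OneSignal push components) are all visible in an app's manifest before it is ever run. The following triage heuristic is an example added to this article; it is not Cyfirma's analysis tooling or code from the malware. It parses a decoded AndroidManifest.xml and flags the combination the article describes. The sample manifests are constructed for illustration; the package name, service name and OneSignal receiver name in them are made up, and treating any component under the com.onesignal. package prefix as a OneSignal SDK component is an assumption.

```python
"""Manifest triage for the permission/accessibility/push-notification pattern
described in the Cyfirma analysis. Example code added to this article, not
Cyfirma's or the malware author's code. Sample manifests below are constructed."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"
PERMISSION_ATTR = f"{{{ANDROID_NS}}}permission"

# Data-harvesting permissions named in the article, mapped to what they expose.
EXFIL_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.GET_ACCOUNTS": "account information",
    "android.permission.READ_EXTERNAL_STORAGE": "external storage files",
}
# A service bound with this permission is an accessibility service.
ACCESSIBILITY_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
# Assumption: OneSignal SDK components live under this package prefix.
ONESIGNAL_PREFIX = "com.onesignal."


def analyze_manifest(manifest_xml: str) -> dict:
    """Return the exfiltration capabilities, accessibility services and OneSignal
    components declared in a decoded manifest, plus a suspicious verdict."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(NAME_ATTR) for p in root.iter("uses-permission")}
    exfil = sorted(EXFIL_PERMISSIONS[p] for p in requested if p in EXFIL_PERMISSIONS)
    accessibility = sorted(
        s.get(NAME_ATTR) for s in root.iter("service")
        if s.get(PERMISSION_ATTR) == ACCESSIBILITY_PERMISSION
    )
    onesignal = sorted(
        c.get(NAME_ATTR)
        for tag in ("receiver", "service", "activity")
        for c in root.iter(tag)
        if (c.get(NAME_ATTR) or "").startswith(ONESIGNAL_PREFIX)
    )
    # Verdict: a "chat" app that pairs an accessibility service with three or
    # more of the harvesting permissions matches the pattern in the article.
    suspicious = bool(accessibility) and len(exfil) >= 3
    return {
        "exfil_capabilities": exfil,
        "accessibility_services": accessibility,
        "onesignal_components": onesignal,
        "suspicious": suspicious,
    }


# Constructed sample resembling the described app (names are made up).
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".ChatAccessibilityService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name="com.onesignal.SamplePushReceiver" android:exported="false"/>
  </application>
</manifest>"""

# Constructed benign manifest for comparison.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    for name, xml in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, analyze_manifest(xml))
```

The heuristic expects a plain-text manifest, so run it on the output of a decoder such as `apktool d app.apk` rather than on the binary XML inside the APK. A hit is a triage signal, not proof of malice: many legitimate apps ship OneSignal, and some ship accessibility services, so the verdict keys on the combination with the harvesting permissions rather than on any one indicator.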
