{"id":1055,"date":"2020-10-02T08:25:06","date_gmt":"2020-10-02T07:25:06","guid":{"rendered":"http:\/\/zerothcode.com\/blog\/?p=1055"},"modified":"2020-10-02T08:27:44","modified_gmt":"2020-10-02T07:27:44","slug":"android-mobile-hacking","status":"publish","type":"post","link":"https:\/\/zerothcode.com\/blog\/android-mobile-hacking\/","title":{"rendered":"Beware: New Android Spyware Found Posing as Telegram and Threema Apps"},"content":{"rendered":"<p>A hacking group known for its attacks in the Middle East, at least since 2017,<\/p>\n<p>has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware.<\/p>\n<h4>&#8220;Compared to the versions documented in 2017, Android\/SpyC23.A<\/h4>\n<p>has extended spying functionality, including reading notifications from messaging apps, call recording and screen recording, and new stealth features,<\/p>\n<p>such as dismissing notifications from built-in Android security apps,&#8221; cybersecurity firm ESET\u00a0said\u00a0in a Wednesday analysis.<\/p>\n<p>First detailed by Qihoo 360 in 2017 under the moniker\u00a0Two-tailed Scorpion (aka APT-C-23 or Desert Scorpion),<\/p>\n<p>the mobile malware has been deemed &#8220;surveillance ware&#8221; for its abilities to spy on the devices of targeted<\/p>\n<h4>individuals,<\/h4>\n<p>exfiltrating call logs, contacts, location, messages, photos, and other sensitive documents in the process.<\/p>\n<p>In 2018, Symantec discovered a\u00a0newer variant\u00a0of the campaign that employed a malicious media player<\/p>\n<p>as a lure to grab information from the device and trick victims into installing additional malware.<\/p>\n<p>Then\u00a0earlier this year, Check Point Research detailed fresh signs of APT-C-23 activity<\/p>\n<p>when Hamas operators posed as young teenage girls on Facebook, Instagram, and Telegram to lure Israeli 
soldiers into<\/p>\n<p>installing malware-infected apps on their phones.<\/p>\n<div class=\"separator\"><a href=\"https:\/\/thehackernews.com\/images\/-ULVbHlMv_QU\/X3Wu2-U8Z3I\/AAAAAAAAA1A\/D-WGYdFoNkomBR1mlvt2pfYBAHlk9elOQCLcBGAsYHQ\/s0\/hacking.jpg\"><img decoding=\"async\" title=\"android mobile hacking app\" src=\"https:\/\/thehackernews.com\/images\/-ULVbHlMv_QU\/X3Wu2-U8Z3I\/AAAAAAAAA1A\/D-WGYdFoNkomBR1mlvt2pfYBAHlk9elOQCLcBGAsYHQ\/s728-e1000\/hacking.jpg\" alt=\"android mobile hacking app\" border=\"0\" data-original-height=\"382\" data-original-width=\"728\" \/><\/a><\/div>\n<p>The latest version of the spyware detailed by ESET expands on these features,<\/p>\n<p>including the ability to collect information from social media and messaging apps via screen recording and screenshots,<\/p>\n<p>and even capture incoming and outgoing calls in WhatsApp and read the text of notifications from social media apps,<\/p>\n<p>including WhatsApp, Viber, Facebook, Skype, and Messenger.<\/p>\n<p>The infection begins when a victim visits a fake Android app store called &#8220;DigitalApps,&#8221;<\/p>\n<p>and downloads apps such as Telegram, Threema, and message, suggesting that the group&#8217;s motivation behind impersonating messaging apps is to<\/p>\n<p>&#8220;justify the various permissions requested by the malware.&#8221;<\/p>\n<p>In addition to requesting invasive permissions to read notifications, turn off Google Play Protect,<\/p>\n<p>and record a user&#8217;s screen under the guise of security and privacy features,<\/p>\n<p>the malware communicates with its command-and-control (C2) server to register the newly infected victim and transmit the device information.<\/p>\n<p>The C2 servers, which typically masquerade as websites under maintenance, are also responsible for relaying the commands to the compromised phone,<\/p>\n<p>which can be used to record audio, restart Wi-Fi, uninstall any app installed on the device, among 
others.<\/p>\n<p>What&#8217;s more, it also comes equipped with a new feature that allows it to stealthily make a call while creating a black screen overlay to mask the call activity.<\/p>\n<p>&#8220;Our research shows that the APT-C-23 group is still active, enhancing its mobile toolset and running new operations.<\/p>\n<p>Android\/SpyC23.A \u2013 the group&#8217;s newest spyware version<\/p>\n<p>\u2014 features several improvements making it more dangerous to victims,&#8221; ESET said.<\/p>\n<p>Apps downloaded from fraudulent third-party app stores have been a conduit for Android malware in recent years.<\/p>\n<p>It&#8217;s always essential to stick to official sources to limit risk,<\/p>\n<p>and scrutinize permissions requested by apps before installing them on the device.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A hacking group known for its attacks in the Middle East, at least since 2017, has recently<\/p>\n","protected":false},"author":1,"featured_media":1056,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[37],"tags":[],"yst_prominent_words":[160,307,172,193,69],"class_list":["post-1055","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hackers-news"],"_links":{"self":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/1055","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/comments?post=1055"}],"version-history":[{"count":0,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/posts\/1055\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media\/1056"}],"wp:attachment":[{"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/media?parent=1055"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/categories?post=1055"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/tags?post=1055"},{"taxonomy":"ys
t_prominent_words","embeddable":true,"href":"https:\/\/zerothcode.com\/blog\/wp-json\/wp\/v2\/yst_prominent_words?post=1055"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}