Select Page

A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application.

Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike. It has not been attributed to any particular threat group.

“SandStrike is distributed as a means to access resources about the Bahá’í religion that are banned in Iran,” the company noted in its APT trends report for the third quarter of 2022.

While the app is ostensibly designed to provide victims with a VPN connection to bypass the ban, it’s also configured to covertly siphon data from the victims’ devices, such as call logs, contacts, and even connect to a remote server to fetch additional commands.

The booby-trapped VPN service, while fully functional, is said to be distributed via a Telegram channel controlled by the adversary.

images from Hacker News