A previously undocumented Android spyware campaign has been found striking Persian-speaking individuals by masquerading as a seemingly harmless VPN application.
Russian cybersecurity firm Kaspersky is tracking the campaign under the moniker SandStrike. It has not been attributed to any particular threat group.
While the app is ostensibly designed to provide victims with a VPN connection to bypass the ban, it’s also configured to covertly siphon data from the victims’ devices, such as call logs, contacts, and even connect to a remote server to fetch additional commands.
The booby-trapped VPN service, while fully functional, is said to be distributed via a Telegram channel controlled by the adversary.
images from Hacker News