Individuals in the Pakistan region have been targeted using two rogue Android apps available on the Google Play Store as part of a new targeted campaign.

Cybersecurity firm Cyfirma attributed the campaign with moderate confidence to a threat actor known as DoNot Team, which is also tracked as APT-C-35 and Viceroy Tiger.

The espionage activity involves duping Android smartphone owners into downloading a program that’s used to extract contact and location data from unwitting victims.

“The motive behind the attack is to gather information via the stager payload and use the gathered information for the second-stage attack, using malware with more destructive features,” the company said.

DoNot Team is a suspected India-nexus threat actor that has a reputation for carrying out attacks against various countries in South Asia. It has been active since at least 2016.

While an October 2021 report from Amnesty International linked the group’s attack infrastructure to an Indian cybersecurity company called Innefu Labs, Group-IB, in February 2023, said it identified overlaps between DoNot Team and SideWinder, another hacking crew of likely Indian origin.
