A StrongPity campaign, a spy campaign targeting Android users, has been identified by ESET Research. In fact, researchers from ESET, the leading European publisher of security solutions, have identified an active StrongPity campaign distributing a “trojanized” version of the Telegram application.
Running since November 2021, the campaign distributed a malicious app via a website posing as Shagle, a random video chat service that provides encrypted communications between strangers.
Unlike the real Shagle site which is completely web-based and does not offer an official mobile app, the copy site only provides an Android app for download and no web streaming is possible.
This StrongPity backdoor has several spying features: its 11 dynamically activated modules are responsible for phone call logging, SMS message collection, call log lists, contact lists and much more.
These modules are being documented for the first time. If the victim grants the accessibility services of the StrongPity malicious application, one of its modules will also have access to incoming notifications and will be able to exfiltrate communications from 17 applications such as Viber, Skype, Gmail, Messenger and Tinder.
For more technical information about the StrongPity group attack, see the article “StrongPity Spy Campaign Targeting Android Users” on WeLiveSecurity.
Tekiano with ESET
Read also:
ESET discovers first cryptocurrency malware on Google Play
#StrongPity #spy #campaign #targeting #Android #users #identified #ESET #Research
0 Comments