‘EXotic Visit’, an Android malware campaign has been targeting users located in South Asia from the Google Play Store.
The cybersecurity firm Slovak has been tracking the campaign since November 2021 using the moniker Virtual Invaders. No known threat actor group is linked to the campaign. EXotic Visit is also said to be highly targeted in its approach. The fake apps in the Google Play Store are functional, but contain open source code. These apps pose as messaging services like Alpha Chat and Signal Lite, however, the affected apps have been removed from Google Play. Around 380 victims downloaded the apps and created accounts. The malware campaign has primarily targeted users located in both India and Pakistan. Some apps are posing as food delivery services in Pakistan, with one impersonating a hospital in India. These malicious apps were able to use malware to gather biographic data as well as recordings, messages and call logs from victims. The actors behind eXotic Visit were able to evade detection through obfuscation techniques as well as the hiding of command and control addresses.
Read more:
https://thehackernews.com/2024/04/exotic-visit-spyware-campaign-targets.html