
Here is why you need to keep updating your system security



Last Updated on 29/11/2021 by Nidhi Khandelwal

A threat actor notorious for attacking targets in the Middle East has improved its Android spyware, making it stealthier and more persistent while passing it off as seemingly innocuous app updates to remain undetected.

In a report published Tuesday, Sophos threat researcher Pankaj Kohli said that the new variants have “incorporated new features into their malicious apps that make them more resilient to actions by users, who might try to remove them manually, and to security and web hosting companies that try to block access to, or shut down, their command-and-control server domains.”


The mobile spyware has been a tool of choice for the APT-C-23 threat group since at least 2017, with successive iterations featuring expanded surveillance functionality to vacuum up files, images, contacts, and call logs, read notifications from messaging apps, record calls (including WhatsApp), and dismiss notifications from built-in Android security apps.

The malware has already been disseminated through phoney Android software stores, disguised as AndroidUpdate, Threema, and Telegram. The latest campaign is similar in that it uses apps with names like App Upgrades, System Apps Updates, and Android Update Intelligence that ostensibly install updates on the target’s phone. The attackers are thought to deliver the spyware app by sending the victim a download link via phishing messages.


Once installed, the app begins requesting invasive permissions in order to carry out a series of harmful behaviours that are designed to evade manual removal. Not only does the app change its icon to blend in with popular apps like Chrome, Google, Google Play, and YouTube, but if the user taps the false icon, the authentic version of that app launches while the spyware carries out its surveillance tasks in the background.

Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.