SandStrike Spyware Infects Android devices through VPN apps


Did you know that 38% of VPN apps on the Google Play Store are plagued by malware? Now the IT security researchers at Kaspersky have discovered that threat actors are increasingly relying on SandStrike, spyware that specifically affects Android devices.

The spyware is delivered through a malicious VPN app, and the attackers' preferred targets are Persian-speaking Bahá’í believers. Bahá’í is a religion mainly practiced in the Middle East, especially in Iran.

How SandStrike infects devices

The previously undocumented spyware was found to be disguised as a harmless VPN app, which is marketed as a potent method of bypassing censorship of religious content in certain parts of the Middle East.

To distribute SandStrike through the malicious VPN app, threat actors have set up Facebook and Instagram accounts with over 1,000 followers. These pages carry sensational religious content designed to attract adherents of the religion. Most of these accounts contain a link to a Telegram channel owned by the attacker.

Unsuspecting users follow the links to download the malicious app, and the SandStrike spyware is installed along with it. Once on the device, it scans for sensitive data and exfiltrates the information to attacker-controlled servers. The campaign has not yet been attributed to a specific threat actor or group.

What data does SandStrike target?

SandStrike targets various types of data, including call logs and contact lists, and monitors the device to keep track of the victim’s activities. Kaspersky noted in its APT Trend Report for Q3 2022 that the SandStrike spyware is being distributed as a means of accessing resources about the Baha’i religion, which is banned in Iran.

Stay protected from such threats

For companies and public organizations, the use of threat intelligence has become increasingly important in recent years as the cyber threat landscape has changed and evolved.

Attackers are now more sophisticated and organized, and they use more advanced methods to launch attacks. This has made it harder for traditional security defenses to keep up.

Threat intelligence can help organizations stay ahead by providing them with information about the latest threats and trends. This information can be used to improve security defenses and help organizations respond quickly to new attacks.

Organizations that use threat intelligence can stay one step ahead of attackers and protect themselves against the latest harmful threats. By understanding the latest trends and techniques, they can develop better defenses and response plans to keep their systems safe.

For individual users, the number of spyware programs has increased dramatically in recent years, making it more important than ever for computer and smartphone users to know how to protect themselves.

While most people are aware of the need to install antivirus and anti-malware software, they may not realize that these programs do not always provide adequate protection against spyware.

There are a few simple steps that every user can take to protect themselves from spyware. First, be careful what you download and install on your computer. Many spyware programs are installed without the user’s knowledge or consent when they visit malicious websites or download infected files.

Second, keep your software up to date. Both your operating system and your applications should be kept up to date with the latest security updates. Spyware authors are constantly finding new ways to exploit vulnerabilities, so it’s important to have the latest security patches installed.


Use VirusTotal

VirusTotal is a free online virus, malware and URL scanning service. It is one of the most popular online services used by computer users to scan files and URLs for viruses, malware and malicious content.

VirusTotal scans files and URLs using over 50 antivirus engines and URL scanners. If a file or URL is detected by at least one scanner, it is considered malicious. VirusTotal also collects and analyzes information from other sources, such as user comments and legal violations. This allows users to see if a file or URL has been reported as malicious by other users.
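As an added example (not part of the original article), here is one way to check a downloaded APK against VirusTotal before installing it, using the public API v3 file-report endpoint. The API key and file path are the reader's own, the sample response is constructed, and the `threshold` parameter is an assumption that defaults to the "at least one scanner" rule described above.

```python
import hashlib
import json
import urllib.request

VT_FILE_URL = "https://www.virustotal.com/api/v3/files/{}"  # API v3 file report


def sha256_of(path, chunk_size=1 << 20):
    """Hash the APK locally so only the digest, not the file, leaves the machine."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def fetch_report(file_hash, api_key):
    """Fetch the stored report for a hash (HTTP 404 means VirusTotal has not seen it)."""
    req = urllib.request.Request(VT_FILE_URL.format(file_hash),
                                 headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def verdict(report, threshold=1):
    """Summarise engine results; threshold=1 mirrors the 'at least one scanner' rule."""
    stats = report["data"]["attributes"]["last_analysis_stats"]
    flagged = stats.get("malicious", 0) + stats.get("suspicious", 0)
    # Count only engines that returned a verdict, not timeouts or unsupported types.
    engines = flagged + stats.get("undetected", 0) + stats.get("harmless", 0)
    return {"flagged": flagged, "engines": engines, "block": flagged >= threshold}


# Constructed sample response (not real scan data), trimmed to the fields used here.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 7, "suspicious": 1, "undetected": 55, "harmless": 0,
    "timeout": 0, "failure": 1, "type-unsupported": 4}}}}

if __name__ == "__main__":
    # Offline demonstration; for a real check use:
    #   verdict(fetch_report(sha256_of("app.apk"), api_key))
    print(verdict(SAMPLE_REPORT))
```

A 404 from `fetch_report` only means the file is unknown to VirusTotal, which is common for freshly built or narrowly distributed apps.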
