Security researchers at Cisco Talos have uncovered the latest operations of the espionage-driven Arid Viper advanced persistent threat (APT) group. The new campaign, active since April 2022, has been targeting Arabic-speaking Android users.
According to an advisory published earlier today, Arid Viper's modus operandi involves deploying customized mobile malware in the Android Package (APK) format.
One of the key open questions surrounding the Arid Viper campaign is a possible connection between the threat actor and the Israel-Hamas conflict. It is important to note, however, that there is no concrete evidence either confirming or denying such a link. Cisco Talos said it conducted thorough due diligence, working closely with law enforcement agencies, before making its findings public.
From a technical standpoint, one intriguing aspect of this operation is the striking resemblance between Arid Viper's mobile malware and a legitimate dating application called Skipped. The malware uses a similar name and even points at the same project on the Firebase application development platform.
That overlap raises the question of whether Arid Viper is affiliated with the dating app's developers or whether the group has unlawfully gained access to the shared project.
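A shared Firebase project is something an analyst can verify from the APKs themselves. The following is an added example, not Cisco Talos tooling or code from the article: it assumes both APKs have been decoded with apktool (so res/values/strings.xml is plain XML) and that the apps were built with the google-services Gradle plugin, which emits string resources such as project_id, gcm_defaultSenderId and google_app_id from google-services.json. The resource values below are constructed for illustration and are not Skipped's or the malware's real identifiers.

```python
"""Compare the Firebase identifiers embedded in two decoded Android apps.

Added illustration (not Cisco Talos tooling). Assumes apktool output and the
string resources generated by the google-services plugin. Sample data is
constructed, not taken from any real app.
"""
import xml.etree.ElementTree as ET

# String resource names the google-services plugin generates from google-services.json.
FIREBASE_KEYS = (
    "project_id",
    "gcm_defaultSenderId",
    "google_app_id",
    "firebase_database_url",
    "google_storage_bucket",
)

# Identifiers that are tied to the Firebase project rather than to one app.
PROJECT_LEVEL_KEYS = (
    "project_id",
    "project_number",
    "gcm_defaultSenderId",
    "firebase_database_url",
    "google_storage_bucket",
)


def extract_firebase_ids(strings_xml: str) -> dict:
    """Return the Firebase-related <string> values found in a strings.xml document."""
    root = ET.fromstring(strings_xml.encode("utf-8"))
    found = {}
    for el in root.iter("string"):
        name = el.get("name")
        if name in FIREBASE_KEYS and el.text:
            found[name] = el.text.strip()
    # google_app_id has the form "1:<project number>:android:<app hash>".
    # The project number is the stable cross-app identifier; the hash differs per app.
    parts = found.get("google_app_id", "").split(":")
    if len(parts) == 4 and parts[0] == "1" and parts[1].isdigit():
        found["project_number"] = parts[1]
    return found


def shared_firebase_project(ids_a: dict, ids_b: dict) -> set:
    """Return the project-level identifiers on which two apps agree."""
    return {
        key for key in PROJECT_LEVEL_KEYS
        if key in ids_a and key in ids_b and ids_a[key] == ids_b[key]
    }


# Constructed sample: a dating app and a look-alike that reuse one project
# (different app hash, same project id / number), plus an unrelated app.
LEGIT_STRINGS_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">ExampleDating</string>
    <string name="project_id">example-dating-12345</string>
    <string name="gcm_defaultSenderId">123456789012</string>
    <string name="google_app_id">1:123456789012:android:aaaaaaaaaaaaaaaa</string>
    <string name="firebase_database_url">https://example-dating-12345.firebaseio.com</string>
    <string name="google_storage_bucket">example-dating-12345.appspot.com</string>
</resources>
"""

LOOKALIKE_STRINGS_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">ExampleDating Update</string>
    <string name="project_id">example-dating-12345</string>
    <string name="gcm_defaultSenderId">123456789012</string>
    <string name="google_app_id">1:123456789012:android:bbbbbbbbbbbbbbbb</string>
    <string name="firebase_database_url">https://example-dating-12345.firebaseio.com</string>
    <string name="google_storage_bucket">example-dating-12345.appspot.com</string>
</resources>
"""

UNRELATED_STRINGS_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <string name="app_name">OtherApp</string>
    <string name="project_id">other-app-98765</string>
    <string name="gcm_defaultSenderId">987654321098</string>
    <string name="google_app_id">1:987654321098:android:cccccccccccccccc</string>
</resources>
"""

if __name__ == "__main__":
    legit = extract_firebase_ids(LEGIT_STRINGS_XML)
    lookalike = extract_firebase_ids(LOOKALIKE_STRINGS_XML)
    other = extract_firebase_ids(UNRELATED_STRINGS_XML)
    print("legit vs look-alike share:", sorted(shared_firebase_project(legit, lookalike)))
    print("legit vs unrelated share: ", sorted(shared_firebase_project(legit, other)))
```

In practice the same check can be run against the raw APK by reading resources.arsc with aapt2 (`aapt2 dump resources app.apk`) instead of apktool output; a match on project_id or the project number means both apps authenticate to, and receive push messages from, the same Firebase backend, which is the relationship described above.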
To lure unsuspecting users into installing the malicious app, Arid Viper operators distribute links masquerading as legitimate dating app updates; following the link delivers the malware to the victim's device.
The Android malware has several capabilities, including disabling security notifications, stealing sensitive information and installing additional malicious applications on compromised devices.
Cisco Talos's investigation also uncovered a complex network of dating-themed applications related to Skipped. Notably, Skipped GmbH, the publisher behind Skipped, is a German-based entity apparently tied to numerous dating apps published by companies in Singapore and Dubai. Many of these applications prompt users to purchase "coins" to keep interacting, potentially generating revenue for the APT operators.