October 31, 2023 at 01:55PM
APT group Arid Viper is targeting Arabic-speaking Android users with a fake dating app called Skipped. The app shares malicious links disguised as updates, which lead to malware that collects sensitive user information. The attackers control the domains used in the campaign, which has been active since at least April 2022. The malware can disable security notifications and deploy more malicious applications.
Key Takeaways:
– APT group Arid Viper is targeting Arabic-speaking Android users with a malicious version of a dating app named Skipped.
– The group creates a spoof version of the app, similar in name, and makes it available for download in the Google Play store.
– Once downloaded, the app prompts users to watch a tutorial video that contains malicious links disguised as updates.
– These links direct users to an attacker-controlled domain, where custom malware is served.
– The YouTube account associated with the attackers was created in March 2022 and has uploaded only one video with around 50 views.
– The domains used by Arid Viper in this campaign are registered, operated, and controlled solely by them, following the same naming patterns as seen in previous iterations of their infrastructure.
– The malware is capable of disabling security notifications, collecting sensitive user information, and deploying additional malicious applications on compromised devices.
– The researchers have determined that the malware campaign has been active since at least April 2022.