February 5, 2024 at 08:45AM
Patchwork used romance scam lures to distribute the VajraSpy trojan in India and Pakistan. ESET uncovered 12 espionage apps, including some on Google Play, infecting over 1,400 devices. The malware steals various data and was spread through fake messaging apps. This is not the first such campaign for Patchwork, which has run similar operations previously. Additionally, financially motivated actors from Pakistan and India targeted Indian Android users with a fake loan app. Teenagers from Australia, Canada, and the U.S. are also being increasingly targeted by financial sextortion attacks linked to Nigeria-based cybercriminals.
The meeting notes highlight recent cyber espionage and cyber extortion activity carried out by the threat actor known as Patchwork. The actor used romance scam lures to distribute malicious apps, particularly targeting victims in Pakistan and India. The apps, masquerading as messaging applications and a news access app, were designed to compromise Android devices with a remote access trojan called VajraSpy. This trojan is capable of stealing contacts, files, call logs, SMS messages, and even WhatsApp and Signal messages. The note also mentions the use of fictitious personas on social media platforms to distribute rogue apps and the association of the threat actor with financially motivated extortion scams targeting Indian Android users. Additionally, there is mention of predatory loan apps targeting teenagers from Australia, Canada, and the U.S., and the broader trend of cybercriminals employing blackmail and harassment tactics to exploit victims.