‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan

April 10, 2024 at 10:34AM

An Android malware campaign named eXotic Visit is targeting users in South Asia, particularly in India and Pakistan, through fake apps distributed on dedicated websites and the Google Play Store. The campaign uses the XploitSPY RAT to gather sensitive data, and its purpose is espionage targeting victims in the region. The malicious apps have been taken down.

Key takeaways on the eXotic Visit Android malware campaign:

– The malware campaign is primarily targeting users in South Asia, particularly in India and Pakistan.
– It involves fake but functional apps masquerading as popular messaging services and other legitimate services, with very few installations on Google Play, ranging from zero to 45.
– The malware is designed to gather sensitive data from infected devices, such as GPS locations, microphone recordings, contacts, SMS messages, call logs, and more, as well as extract details from popular messaging apps.
– The threat actors behind this campaign have customized their malicious code to evade detection, including obfuscation, emulator detection, and hiding of command-and-control addresses.
– Distribution of the malicious apps started on dedicated websites and then moved to the official Google Play store, indicating a shift in tactics by the threat actors.

The purpose of the campaign is likely espionage, targeting victims in Pakistan and India.
