
At The Identity Organisation, we're here to help!


    Bad Actor Uses Fake Android Chat to Install Malware

    Researchers at CYFIRMA warn that the Bahamut threat actor is using a malicious Android app to deliver malware. 

    “The suspected Android malware, known initially as ‘CoverIm’ was delivered to victims via WhatsApp, and was found to be disguised as a dummy chatting application named ‘SafeChat,’” the researchers write. “The user interface of this app successfully deceives users into believing its authenticity, allowing the threat actor to extract all the necessary information, before the victim realizes that the app is a dummy, the malware cleverly exploits unsuspecting Android Libraries to extract and transmit data to a command-and-control server.”

    After the app is installed, it will continually ask the user to grant it accessibility permissions.

    “Once the user clicks on ‘Allow’…the app takes the user to the accessibility page and asks the victim to enable accessibility for the Safe Chat app,” the researchers write. “Once the accessibility is on, then the malware will capture activity on screen including keystrokes. Until it is enabled, the app will throw a pop-up message again and again.”
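A device-triage check for the accessibility abuse described above, as an added example that is not from CYFIRMA or the original post: it lists the accessibility services enabled on a handset and flags those whose package was not installed from a trusted store. The package names and sample command output are constructed, and treating the Play Store as the only trusted installer is an assumption.

```python
TRUSTED_INSTALLERS = {"com.android.vending"}  # assumption: Play Store is the only approved source

# Constructed sample of: adb shell settings get secure enabled_accessibility_services
SAMPLE_ENABLED = (
    "com.example.screenreader/.ReaderService:"
    "com.example.dummychat/com.example.dummychat.KeyService"
)
# Constructed sample of: adb shell pm list packages -i
SAMPLE_INSTALLERS = """\
package:com.example.screenreader  installer=com.android.vending
package:com.example.dummychat  installer=null
"""


def parse_enabled_services(raw):
    """Return (package, service_class) pairs from the colon-separated setting."""
    raw = raw.strip()
    if not raw or raw == "null":  # the setting reads "null" when nothing is enabled
        return []
    parts = [c.partition("/") for c in raw.split(":") if c]
    return [(pkg, cls) for pkg, _, cls in parts]


def parse_installers(raw):
    """Map package name -> installer package (None when unknown or sideloaded)."""
    installers = {}
    for line in raw.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("package:"):
            continue
        value = next((f.split("=", 1)[1] for f in fields[1:] if f.startswith("installer=")), "null")
        installers[fields[0].split(":", 1)[1]] = None if value == "null" else value
    return installers


def flag_services(enabled_raw, installers_raw, trusted=TRUSTED_INSTALLERS):
    """Return enabled accessibility services whose package lacks a trusted installer."""
    installers = parse_installers(installers_raw)
    return [
        (pkg, cls, installers.get(pkg))
        for pkg, cls in parse_enabled_services(enabled_raw)
        if installers.get(pkg) not in trusted
    ]


if __name__ == "__main__":
    for pkg, cls, installer in flag_services(SAMPLE_ENABLED, SAMPLE_INSTALLERS):
        print(f"review: {pkg} ({cls}) installer={installer}")
```

A flagged entry is a prompt for review, not a verdict: legitimate sideloaded accessibility tools will also appear, and the installer field only records what the package manager was told.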

    While Bahamut was previously believed to be a mercenary group, CYFIRMA believes the threat actor is based in India and works for a single nation-state government.

    “In this specific attack, the threat actor conducted targeted spear messaging attacks on WhatsApp Messenger, focusing on individuals in the South Asia region,” the researchers write. “The malicious payload was delivered directly through WhatsApp chat. The attack on the individual served the interest of one nation state government. The nature of this attack, along with previous incidents involving APT Bahamut, possibly indicate that it was carried out to serve the interests of one nation state government. Notably, APT Bahamut has previously targeted Khalistan supporters, advocating for a separate nation, posing an external threat to India. The threat actor has also aimed at military establishments in Pakistan and individuals in Kashmir, all aligning with the interests of one nation state government.”

    New-school security awareness training can give your employees a healthy sense of suspicion so they can avoid falling for social engineering attacks.

    CYFIRMA has the story.

