Attackers have been targeting the Kurdish ethnic group for more than a year through a Facebook-based spyware campaign that disguises backdoors in legitimate Android apps, researchers have found.

A group called BladeHawk is behind the campaign, discovered by researchers from cybersecurity firm ESET and active since at least March 2020, according to a report published this week. The campaign disguises the 888 RAT in Android apps using dedicated Facebook profiles, researchers said.

“These profiles appeared to be providing Android news in Kurdish, and news for the Kurds’ supporters,” ESET malware researcher Lukas Stefanko wrote in the report, published Wednesday. “Some of the profiles deliberately spread additional spying apps to Facebook public groups with pro-Kurd content.”

All in all, researchers identified six profiles as part of the BladeHawk campaign, which have been sharing the Android spying apps and targeted about 11,000 followers through 28 unique posts. The profiles have been reported to Facebook and since disabled, Stefanko said.

Each of these posts in the campaign contained fake app descriptions and links to download an app, according to the post. Researchers downloaded 17 unique Android application packages (APKs) from these links, some of which pointed directly to the malicious apps.

“Two of the profiles were aimed at tech users, while the other four posed as Kurd supporters,” he wrote. “All these profiles were created in 2020 and shortly after creation they…
govanguard, 2021-09-09 07:26:00: BladeHawk Attackers Target Kurds with Android Apps