We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which exhibit many cyberespionage behaviors, are initially being used in a targeted attack campaign. We first came across the threat in May on the site http://gooogle.press/, which was advertising a chat app called “Chatrious.” Users can download the malicious Android application package (APK) file by clicking the download button on the site.
We found cyberespionage group TICK targeting critical systems and enterprises, attempting to steal information to benefit this APT group’s sponsor. In this research brief, we show the timeline of the group’s activities and malware development, as well as the technical analyses of the new malware families, modified tools, and upgraded malware routines.
We uncovered a cyberespionage campaign targeting Middle Eastern countries. We named this campaign “Bouncing Golf” based on the malware’s code in the package named “golf.” The malware involved, which Trend Micro detects as AndroidOS_GolfSpy.HRX, is notable for its wide range of cyberespionage capabilities. Malicious code is embedded in apps that the operators repackaged from legitimate applications. Monitoring the command and control (C&C) servers used by Bouncing Golf, we have so far observed more than 660 Android devices infected with GolfSpy. Much of the information being stolen appears to be military-related.
The campaign’s attack vector is also interesting. These repackaged, malware-laden apps are neither on Google Play nor popular third-party app marketplaces, and we only saw the website hosting the malicious apps being promoted on social media when we followed GolfSpy’s trail. We were also able to analyze some GolfSpy samples sourced from the Trend Micro mobile app reputation service.
Why would Pawn Storm, the long-running cyber-espionage campaign, set its sights on a Russian punk rock group? Sure, Pussy Riot is controversial. Members of the feminist band had previously been thrown in jail for their subversive statements against the Orthodox Church and Russian patriarchal system. But why would attackers have any interest in them? What…