StrongPity APT pushes malicious Telegram to target victims

January 20, 2023

The StrongPity APT is a cyberespionage group that emerged at least a decade ago. This advanced persistent threat group, also known as Promethium, primarily runs its campaigns in Turkey and Syria.

The group's core TTPs have changed little over that time, but it continues to adopt new attack strategies to make its campaigns more effective.

The StrongPity APT group was found spreading a fake Android application to deceive its victims and carry out its operations.

According to an investigation, the StrongPity APT was discovered distributing a malicious Android app through a fake website that impersonates a legitimate random-video-chat platform.

Researchers explained that the fake website impersonates the Shagle site. The actors used the site to prompt their victims into downloading the compromised APK file. The downloaded APK is a trojanised version of the standard Telegram app for Android with an added backdoor. The website has been active since a November a couple of years before the report.

Based on reports, the malicious app requests access to the target’s Accessibility Service and retrieves an AES-encrypted archive from the threat actor’s command-and-control server.

The archive contains about 11 binary modules, which the backdoor executes dynamically to run several actions on the targeted device. The modules allow the attackers to spy on their victims, for example by recording phone calls, tracking the device's location, and harvesting SMS messages.

The modules could also let the attackers collect call logs, contact lists, and files.

The Accessibility Service permission could also give the attackers the ability to read notifications from numerous applications, such as Instagram, Kik, LINE, Messenger, Skype, Snapchat, Tango, Telegram, Gmail, Hangouts, Tinder, WeChat, Twitter, and Viber.

The backdoor stores the stolen data in the application's directory, encrypts it with AES, and sends it back to the APT's command-and-control server.

One of the primary weapons of the StrongPity group is the use of malicious websites that offer various software products to deceive victims into downloading their fake applications. Android users should therefore be cautious with APKs from third-party sources, since some may be operated by threat actors.
