The OpenVPN Android app has been modified by threat actors

December 6, 2022
Tags: OpenVPN, Android Mobile App, Bahamut, Threat Actors, Spyware, SecureVPN

Threat actors have trojanised the well-known OpenVPN Android app by injecting spyware into repackaged copies. Researchers have confirmed that both SoftVPN and OpenVPN were maliciously modified to infect targets.

According to reports, the campaign built around these malicious apps is designed to steal a wide range of device data, including contacts, call logs, device location, and messages. Researchers have attributed the operation to the advanced persistent threat group Bahamut.

The group allegedly offers hack-for-hire services aimed at specific targets.

The Bahamut operators repackaged the OpenVPN Android app.

A recent analysis revealed that the Bahamut group repackaged the SoftVPN and OpenVPN Android apps, injecting spying capabilities that become part of the app once the modified version is installed.

This gives the actors a reliable way to deploy the spyware bundled in the VPN app and put victims' sensitive information at risk.

The Bahamut group also borrowed the name SecureVPN, a legitimate VPN service, and set up a fake website to distribute the trojanised app and disguise the operation.

A researcher explained that the malicious VPN app could steal data from an infected device, such as call logs, contacts, location details, and SMS messages. The app could also exfiltrate chats from messaging applications including WhatsApp, Telegram, Messenger, Viber, and Signal.

There are eight versions of the threat group's spyware-laden VPN app. All versions carry sequential version numbers, implying that the authors are continuously improving the payload.

Fortunately, most apps from the Bahamut group are not available on the Google Play Store, the official application store for Android users. Android phone owners looking for a VPN app are therefore advised not to download from third-party sources.

The distribution method for the malicious app is still unclear to most researchers, but many believe it likely begins with phishing emails, social media, or other messaging platforms that point victims to the download.

Cybersecurity experts have consistently warned users about suspicious applications from unknown sources. Users should remember that attackers tend to place their tools where no security vetting is in place.
