A new cyber threat called “Starry Addax” has emerged in North Africa. Based on reports, this campaign targeted activists supporting the Sahrawi Arab Democratic Republic (SADR) cause, an organisation composed of human rights activists. This group uses an elusive mobile malware called “FlexStarling” to execute attacks.
Moreover, the Starry Addax group’s strategy involves deceiving people into installing harmful Android apps disguised as legitimate and harmless tools. These apps pretend to be from the Sahara Press Service but deliver malware to smartphones that can access sensitive information.
The group’s infrastructure includes websites with names such as ondroid[.]site and ondroid[.]store, indicating that it targets both Android and Windows users. For Windows users, the group also sets up fake login pages for popular media sites, designed to trick visitors into entering their login details so they can be stolen.
According to researchers who have been tracking the Starry Addax operation since earlier this year, the group uses spear-phishing campaigns to target and compromise individuals who support the Sahrawi Arab Democratic Republic’s cause.
The researchers emphasised that the group uses sophisticated tactics and elusive tools to bypass security detection. The primary malware that they use for their attacks is FlexStarling.
The malware has advanced features and a command-and-control (C2) infrastructure based on Firebase. This feature enables the threat actors to control infected devices discreetly to avoid raising suspicions from users and security defences.
Furthermore, FlexStarling requests extensive permissions on Android devices, enabling it to extract sensitive data. It also uses tricks to avoid detection, such as checking after infection whether the device is being used to analyse the malware. It additionally requests permission to manage files on the device, allowing Starry Addax to harvest more information.
To communicate with its C2 server, FlexStarling generates specific codes and compares them to predetermined ones. If they match, the malware runs commands without raising any red flags.
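The behaviours above (broad data-access permissions, file-management permission, Firebase-hosted command infrastructure) are the kind of signals an analyst would check when triaging a suspicious APK. The following is an added example, not code from the original article or from any researcher cited in it: it parses a constructed AndroidManifest.xml and a constructed list of strings extracted from an app, flags the permissions the article associates with data theft, and notes any Firebase hostnames. The permission names are real Android permissions; the scoring and the Firebase host patterns are assumptions for illustration, and Firebase use alone is not evidence of malice.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Real Android permissions that grant broad access to user data or files.
SENSITIVE_PERMISSIONS = {
    "android.permission.MANAGE_EXTERNAL_STORAGE",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.READ_CALL_LOG",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
}

# Assumption: Firebase-hosted endpoints are worth a closer look given the article's
# description of a Firebase-based C2; this is a triage hint, not a verdict.
FIREBASE_HOST_RE = re.compile(
    r"\b[\w.-]+\.(?:firebaseio\.com|firebaseapp\.com|firebasedatabase\.app)\b"
)


def triage_manifest(manifest_xml: str, strings: list[str]) -> dict:
    """Return flagged permissions, Firebase hosts and a simple triage score."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(ANDROID_NS + "name") for p in root.iter("uses-permission")}
    flagged = sorted(requested & SENSITIVE_PERMISSIONS)
    hosts = sorted({m.group(0) for s in strings for m in FIREBASE_HOST_RE.finditer(s)})
    # Assumed scoring: one point per sensitive permission, two if Firebase hosts appear.
    score = len(flagged) + (2 if hosts else 0)
    return {"flagged_permissions": flagged, "firebase_hosts": hosts, "score": score}


# Constructed sample manifest: a "news reader" app asking for far more than it needs.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.newsreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.MANAGE_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application android:label="News Reader"/>
</manifest>"""

# Constructed strings as they might be dumped from the app's resources.
SAMPLE_STRINGS = [
    "https://example-project-default-rtdb.firebaseio.com/cmd",
    "https://cdn.example.org/logo.png",
]

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST, SAMPLE_STRINGS))
```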
Starry Addax is a new threat to human rights defenders in North Africa. The group uses sophisticated techniques to infect devices with malware and steal sensitive information, making it a formidable adversary for these activists.