Spyware can come in many forms, and in May last year Google’s Threat Analysis Group revealed that state-sponsored hackers disguised their malicious software as a VPN app and uploaded it to the Google Play Store.
The search giant’s Threat Analysis Group tracks a variety of threats and state-sponsored hackers to warn its users when they are targeted online. One of the more notable campaigns tracked recently was led by Iran’s state-sponsored hackers who go by the name APT35.
In May 2020, Google’s threat analysts found that APT35 had attempted to upload spyware to the Google Play Store. The malicious payload was disguised as a VPN app designed to look and feel like ExpressVPN. If installed on a user’s device, this fake VPN app could steal sensitive information including call logs, text messages, contacts and location data from the device.
Thankfully, Google quickly found the app and removed it from the Play Store before any users had a chance to download and install it. However, the search giant more recently detected APT35 trying to distribute this fake VPN app on other platforms in July of 2021.
According to a new blog post from Google’s Threat Analysis Group, earlier this year APT35 compromised a website affiliated with a university in the UK to host a phishing kit.
After gaining control of the site, the hackers sent email messages with links to it in an attempt to obtain credentials for several popular email services, including Gmail, Hotmail and Yahoo. Potential victims were tricked into activating an invitation to join a fake webinar by logging in, and APT35’s phishing kit was also able to ask for two-factor authentication (2FA) codes sent to their devices.
While the technique is also popular with cybercriminals, APT35 has relied on it since 2017 to target high-value accounts in a variety of sectors such as government, academia, journalism, NGOs, foreign policy, and even national security.
When Google suspects that a government-backed hacking group such as APT35 is targeting its users, its Threat Analysis Group sends a warning to let them know that they have been identified as a target. The company also blocks malicious domains using Google Safe Browsing, which is built into Chrome.
As cyber threats have increased over the years, Google is now encouraging ‘high risk’ users to sign up for its advanced security program, and the company also plans to distribute 10,000 security keys to them throughout 2021.