StrongPity, an APT group from Turkey, has been detected using Android malware against officials of the Syrian government. This is the first time the adversary has used Android malware. The group used a trojanized version of the victim's Android application.
The Attack-
Trend Micro revealed that the malicious application can steal contacts from the victim’s device and also collect files that have the desired extensions. This APK is suspected to be spreading via a watering hole attack. The hackers may have succeeded in compromising the official website of the government of Syria and replacing the original application with the malicious one.
There are some indications that the malware has been removed, since the URL that contained the malicious app was seen to have the original one again.
Some other information-
The URL that delivered the malicious application held not just one malicious application but at least six more versions of the same application. They also had a matching package name, which was available on VirusTotal.
Not all of the versions were detected as harmful by the researchers. Some of them were earlier versions developed between February 2020 and March 2021.
Conclusion-
The StrongPity APT group has tried to expand its scope of attack by introducing Android-based malware. An adversary needs a clear focus on achieving its objectives to be able to target the Android security of the government.