Malware found disguised as Android security, VPN apps

Asian governments and embassies could be under attack


According to cybersecurity company Cyfirma, hacking group DoNot, also known as APT-C-35 and SectorE02, is behind several Android apps that are believed to have malware characteristics.

The group is believed to have been targeting South Asian victims since 2016 and has recently been linked to cyberattacks in the Kashmir region.

According to Cyfirma, the two-stage attack first collects information via a stager payload and then goes on to use malware to compromise targets linked to Pakistan.

Android malware apps


Fronting the attacks are the nSure Chat app, which promises end-to-end encrypted messaging, Device Basics Plus, which looks to present device and hardware statistics in a simple dashboard, and iKHfaa VPN, all developed by SecurITY Industry.


nSure Chat and iKHfaa VPN both appear to have malicious characteristics, with the VPN app having copied code from a legitimate VPN service provider and injected additional libraries to silently perform malicious activity.

The permissions to access phone contacts and system location are the most concerning, with live location tracking enabled should the user accept.

In its report, Cyfirma suggests that the group may be linked to India, citing numerous sources including other security communities, and could even be backed by the government. Military, telecom, government, NGO, and embassy bodies all look to be the subjects of spear phishing, spear messaging, and social engineering attacks, which primarily revolve around the Android mobile operating system, but also Windows.


A Google spokesperson confirmed in an email to TechRadar Pro:

“These apps have been removed from Google Play and the developer has been banned. Google Play Protect protects users from apps known to contain this malware on Android devices with Google Play Services, even when those apps come from other sources.”

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!
