Arid Viper Camouflages Malware in Knockoff Dating App
The APT group uses updates from the app to get the user to download the malware.
The APT group Arid Viper targets Arabic-speaking Android users with a spoofed version of a dating app to collect sensitive user information.
According to research by Cisco Talos, the group replicates a dating app named Skipped with a malicious version using a similar name, available for download in the Google Play store.
Once the app is downloaded, the operators share malicious links masquerading as updates to get the user to a tutorial video. A URL in the video’s description directs users to an attacker-controlled domain that serves the custom malware.
The YouTube account was created in March 2022 and has only uploaded one video, which had around 50 views at the time of publishing the research. The company determined all of the domains used by the attackers in this campaign are solely registered, operated, and controlled by Arid Viper, and they follow the same naming patterns observed in previous iterations of Arid Viper infrastructure.
The malware can also disable security notifications, collect users' sensitive information, and deploy additional malicious applications on compromised devices. The researchers determined that the malware campaign has been active since at least April 2022.