An Android espionage campaign has been observed using a malicious VPN application, along with a new spyware named SandStrike, to target Android users. The VPN app is distributed through social media accounts that use attractive material themed around the targeted religious community.

The campaign

According to Kaspersky researchers, SandStrike adversaries are focusing on Persian-speaking practitioners of the Baháʼí faith, a religion developed in Iran and parts of the Middle East.
  • They use Facebook and Instagram accounts with more than 1,000 followers to lure Android users to an attacker-controlled Telegram channel.
  • The channel provides links to download and install the booby-trapped VPN application, offered as a way to access sites banned in certain regions.
  • Although the app comes with plenty of attractive religion-themed material and fully functional, genuine features, its main goal is to propagate SandStrike.

SandStrike key capabilities

  • SandStrike is a highly sophisticated spyware that collects and steals sensitive data, including call logs and contact lists, from the victims' devices and exfiltrates it to the server.
  • Moreover, it continues to monitor the compromised devices to keep track of the victims' activities.

Security tips

SandStrike spyware and malicious VPNs can enable cybercriminals to access devices and exfiltrate sensitive data. To stay protected, use reliable and up-to-date antivirus software to scan, remove, and block spyware or any other threat. Use trustworthy VPN services and improve defenses, particularly against attacks from nation-state adversaries.
Cyware Publisher