ESET researchers have identified an active campaign by the Bahamut cyber mercenary group that targets Android users with fake VPN apps capable of extracting sensitive data from victims’ messaging apps.
It appears to be an ongoing campaign targeting Russian users with fake VPN applications that would compromise their devices and steal sensitive data from their messaging apps.
Now, less than two months later, there is evidence that this campaign is ongoing and has spread well outside Russia’s borders – specifically in Central and Eastern Europe (CEE), as well as in Asia.
The campaign appears to be active and to have been going on for some time. It targets multiple countries by employing a mixture of social engineering tricks and ad fraud. Its main purpose is to obtain sensitive data from victims’ messaging apps, in particular their contact lists, which reveal detailed information about their social connections and personal interests.
Although ESET can’t definitively attribute this campaign to the Bahamut cyber mercenary group (CMG), we can definitely say that its techniques are in line with those used by the group. The same techniques, in fact, were also used in a recent DDoS attack against online casino operators and Bitcoin exchanges that was also carried out by the group.