ESET announces a new StrongPity campaign, in which APT distributes a fake Shagle application

web3, 16-01-2023 12:50, Information security, 156 views

ESET has announced a new StrongPity campaign in which the APT group distributes a fake Shagle application: a trojanized version of Telegram for Android with an added backdoor.

Shagle is a platform for conducting random video chats, allowing strangers to communicate over an encrypted communication channel. However, the platform is completely web-oriented and does not have a mobile application.

The researchers found that StrongPity has operated a fake Shagle website since 2021, tricking victims into downloading a malicious Android application that, once installed, spies on targets, including intercepting phone calls and SMS and copying the contact list.

However, the first confirmed sighting of the application's APK in the wild was in July 2022.

Based on code similarity with past payloads, the activity is attributed to StrongPity, also known as Promethium or APT-C-41, which was previously seen distributing trojanized Notepad++ installers and malicious versions of WinRAR and TrueCrypt.

In addition, the Android application is signed with the same certificate that the group used to sign its fake Syrian e-government Android application during the 2021 campaign.

The malicious Android application distributed by StrongPity, probably through targeted phishing messages, is the standard Telegram application, version 7.5.0 (February 2022), repackaged as an APK file named video.apk and rebranded for Shagle.

If the legitimate Telegram application is already installed on the victim's phone, the backdoored version will not install.

After installation, the malware requests access to the accessibility service and then receives an AES-encrypted file from the attacker's C2.

The file includes 11 binary modules that are extracted to the device and used by the backdoor to perform various functions, ranging from recording phone calls (libarm.jar) to monitoring correspondence in Messenger, Viber, Skype, WeChat, Snapchat, Tinder, Instagram, Twitter, Gmail, etc. (phone.jar).

The collected data is stored in the application directory, encrypted with AES, and eventually sent back to the attacker's C2.

On rooted devices, the malware automatically grants itself permissions to change security settings, write to the file system, reboot the device, and perform other key functions.

According to ESET, the API used by the captured samples has by now been disabled due to overuse, indicating that StrongPity successfully deployed the malware on targeted victims.

Thus, with StrongPity active since 2012, the attacker continues to rely on proven tactics even after a decade.
