Arid Viper Targeting Arabic Android Users with Spyware Disguised as Dating App

October 31, 2023

The threat actor known as Arid Viper (aka APT-C-23, Desert Falcon, or TAG-63) has been attributed as being behind an Android spyware campaign targeting Arabic-speaking users with a counterfeit dating app built to harvest data from infected handsets.

“Arid Viper’s Android malware has a range of features that empower the operators to surreptitiously accumulate sensitive data from victims’ gadgets and deploy supplemental executables,” Cisco Talos said in a Tuesday report.

Active since at least 2017, Arid Viper is a cyber espionage group aligned with Hamas, an Islamist militant movement that governs the Gaza Strip. The cybersecurity firm said there is no evidence connecting the campaign to the ongoing Israel-Hamas war.


The activity is believed to have commenced no earlier than April 2022.

Curiously, the mobile malware shares source code similarities with a non-malicious online dating application known as Skipped, suggesting that the operators are possibly linked to the latter’s developer or managed to copy its features in an attempt at deception.

The use of seemingly benign chat applications to deliver malware is “in line with the ‘honey trap’ strategies applied by Arid Viper in the past,” which has resorted to leveraging fake profiles on social media platforms to trick potential targets into installing them.

Cisco Talos said it also identified an extended web of companies that produce dating-themed applications that are similar or identical to Skipped and can be downloaded from the official app stores for Android and iOS.

  • VIVIO – Chat, flirt & Dating (Available on Apple App Store)
  • Meeted (previously Joostly) – Flirt, Chat & Dating (Available on Apple App Store)
  • SKIPPED – Chat, Match & Dating (50,000 downloads on Google Play Store)
  • Joostly – Relationship Application! Singles (10,000 downloads on Google Play)

The array of simulated dating applications has raised the possibility that “Arid Viper operators might seek to leverage these additional applications in future malicious campaigns,” the company noted.

The malware, once installed, hides itself on a victim device by turning off system or security notifications from the operating system. It also disables notifications on Samsung mobile devices and on any Android phone with an APK package name containing the word “security” to fly under the radar.


It’s also designed to request intrusive permissions to record audio and video, read contacts, access call logs, intercept SMS messages, change Wi-Fi settings, terminate background apps, take pictures, and create system alerts.
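As an added triage example (not code from Cisco Talos or from the original article), the script below reads a decoded AndroidManifest.xml and reports which of the capabilities listed above an app requests. The mapping from capabilities to Android permission names, the review threshold of 6, and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted manifests, prefer defusedxml

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: the article names behaviours, not permissions. These are
# the standard Android permissions that gate each behaviour.
CAPABILITIES = {
    "record audio": {"RECORD_AUDIO"},
    "record video / take pictures": {"CAMERA"},
    "read contacts": {"READ_CONTACTS"},
    "access call logs": {"READ_CALL_LOG"},
    "intercept SMS": {"RECEIVE_SMS", "READ_SMS"},
    "change Wi-Fi settings": {"CHANGE_WIFI_STATE"},
    "terminate background apps": {"KILL_BACKGROUND_PROCESSES"},
    "create system alerts": {"SYSTEM_ALERT_WINDOW"},
}

def requested_permissions(manifest_xml):
    """Return short permission names from a decoded (text) AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name", "")
            if name.startswith("android.permission."):
                perms.add(name.rsplit(".", 1)[1])
    return perms

def triage(manifest_xml, threshold=6):
    """List matched capabilities; flag for manual review at >= threshold."""
    perms = requested_permissions(manifest_xml)
    matched = sorted(c for c, names in CAPABILITIES.items() if names & perms)
    return {"matched": matched, "review": len(matched) >= threshold}

def build_manifest(package, perms):
    """Build a constructed sample manifest for the demo and tests."""
    body = "".join(
        f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
            f' package="{package}">{body}</manifest>')

# Constructed sample, not taken from any real application.
SAMPLE = build_manifest("com.example.datingchat", [
    "INTERNET", "RECORD_AUDIO", "CAMERA", "READ_CONTACTS", "READ_CALL_LOG",
    "RECEIVE_SMS", "CHANGE_WIFI_STATE", "KILL_BACKGROUND_PROCESSES",
    "SYSTEM_ALERT_WINDOW"])

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("review" if result["review"] else "ok", result["matched"])
```

A high match count is only a prompt for manual review, since legitimate messaging apps also request several of these permissions.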

Other noteworthy features of the implant include the ability to retrieve system information, get an updated command-and-control (C2) domain from the current C2 server, and download additional malware, which is camouflaged as legitimate apps like Facebook Messenger, Instagram, and WhatsApp.

The development comes as Recorded Future revealed signs possibly connecting Arid Viper to Hamas by means of infrastructure overlaps linked to an Android application named Al Qassam that has been disseminated in a Telegram Channel claiming affiliation to Izz ad-Din al-Qassam Brigades, the military wing of Hamas.

“They depict not only a possible slip in operational security but also possession of the infrastructure shared amongst groups,” the company said. “One possible hypothesis to explain this observation is that TAG-63 shares infrastructure resources with the rest of the Hamas organization.”


Some elements of this post are sourced from:
thehackernews.com
