uTalk

Official forum for Utopia Community

You are not logged in.

#1 2023-01-11 13:39:29

joanna
Member
Registered: 2023-01-10
Posts: 2,250

StrongPity Targets Android Users With a Fake Website

A trojanized version of the Telegram app was distributed to Android users by the advanced persistent threat (APT) group StrongPity via a fake website that impersonated a video chat service called Shagle.

According to a technical report by ESET malware researcher Luka Stefanko, the mobile backdoor app from StrongPity is distributed through a fake website that imitates the Shagle service. "The app is a modified version of the open source Telegram app that has StrongPity backdoor code in it. ".

StrongPity, also known as APT-C-41 and Promethium, is a cyberespionage organization that has been active since at least 2012 and has primarily targeted Turkey and Syria for its operations. In October 2016, Kaspersky became the first company to publicly acknowledge the existence of the group.

Since then, the threat actor's campaigns have grown to include more targets in Africa, Asia, Europe, and North America. The intrusions use watering hole attacks and phishing emails to activate the killchain.

StrongPity's use of phony websites that claim to offer a wide selection of software tools only serves to dupe victims into downloading corrupted copies of legitimate apps is one of its defining characteristics.

Minerva Labs revealed a three-step attack sequence in December 2021 that started with the execution of a setup file for Notepad that appeared to be harmless and ended with the delivery of a backdoor to infected hosts.

In the same year, StrongPity was seen for the first time deploying Android malware by possibly hacking into the Syrian e-government portal and swapping out the legitimate Android APK file for a fake one.

Source link

Offline

#2 2023-01-11 18:22:23

KAMSI_UG
Member
Registered: 2022-12-26
Posts: 1,858

Re: StrongPity Targets Android Users With a Fake Website

Thanks for this piece of information but honestly I don’t know why people won’t probably check application they download on their device, I always make sure I get application directly from its original source.

Offline

#3 2023-01-14 21:43:00

JONSNOWING
Member
Registered: 2023-01-06
Posts: 1,071

Re: StrongPity Targets Android Users With a Fake Website

Always be careful about fake site out there, many fake imitations are everywhere and they all trying to scam unsuspecting victims. I am glad this scam was detected and warnings sent iuty.

Offline

#4 2023-01-29 16:36:18

IyaJJJ
Member
Registered: 2023-01-25
Posts: 1,521

Re: StrongPity Targets Android Users With a Fake Website

JONSNOWING;3141 wrote:

Always be careful about fake site out there, many fake imitations are everywhere and they all trying to scam unsuspecting victims. I am glad this scam was detected and warnings sent iuty.

Checking fake or phishing websites is something every cryptocurrency investor must make their top priority because a lot of cryptocurrencies investors have lost their life savings/investments in crypto through and if I remember this issues also happen to Binance users in 2018.

Offline

#5 2023-01-29 19:46:01

full
Member
Registered: 2023-01-06
Posts: 979

Re: StrongPity Targets Android Users With a Fake Website

KAMSI_UG;2801 wrote:

Thanks for this piece of information but honestly I don’t know why people won’t probably check application they download on their device, I always make sure I get application directly from its original source.

Checking of applications they download is never the case and I could remember this exact issue happened to people that used Electrum Bitcoin wallet but set their application to auto-update.
Online theft takes advantage of it and provides the wrong application that exposes the user's wallet seeds phrase.

Offline

Board footer

Powered by FluxBB