An Android malware campaign, announced in recent hours by a team of Kaspersky security researchers and nicknamed ViceLeaker, appears to have been active since 2016.
According to researchers, a group of hackers targeted Israeli citizens and other Asian countries with malware called Triout.
The malware in question is designed to steal sensitive information (including call records, text messages, photos, videos and location data) without users becoming aware of it.
In addition to these espionage functions, the malware also has backdoor capabilities such as uploading, downloading and deleting files, recording surrounding audio, capturing images, and making calls or sending messages to specific numbers.
In May last year, researchers were able to “capture” an infected file and analyze it, discovering that the APK included a malicious payload embedded in the original application code: spyware designed to recover almost all information accessible from the attached device.
Although it is unclear who is behind the campaign, researchers used an exposed email address to track the attacker’s footsteps to Iran.
“We are currently investigating whether this group might also be behind a large-scale web-oriented attack at the end of 2018 using code injection and exploiting SQL vulnerabilities. Even when this would not be directly related to the Android malware described in this blog post, it would be an indicator of wider capabilities and objectives of this actor,” Kaspersky said in a statement.
Furthermore, Kaspersky revealed that the number of DDoS attacks grew by 84% in the first quarter of 2019 compared to the fourth quarter of 2018, with an increase in those lasting more than an hour.