Researchers have reportedly discovered an active espionage campaign 'eXotic Visit', that has been targeting Android users with fake messaging apps. These apps are distributed through dedicated websites and Google Play- as per the new report which surfaced on Wednesday.
As per ESET Research, the campaign appears to primarily target a select group of Android users in India as well as Pakistan.
The researchers have further said that they have tracked the eXotic Visit campaign's activities from November 2021 through to the end of 2023.
While the downloaded apps provide legitimate functionality, they come bundled with open-source XploitSPY malware.
In a report, the researchers said, "Apps that contain XploitSPY can extract contact lists and files, the device’s GPS location, and the names of files listed in specific directories related to the camera, downloads, and various messaging apps such as Telegram and WhatsApp."
They further added, "The malware also uses a native library, which is often used in Android app development for improving performance and accessing system features. However, in this case, the library is used to hide sensitive information, like the addresses of the C&C servers, making it harder for security tools to analyze the app."
Apps like Dink Messenger, Sim Info, and Defcom were taken down from Google Play.
Moreover, the report identified ten additional apps that contain code that was based on XploitSPY and shared its findings with Google. Following that, the apps were removed from the store.
Overall, around 380 victims have downloaded the apps from websites and Google Play store and created accounts to use their messaging functionality, the report said.
Recently, Google, during its Cloud Next 2024 conference announced a series of updates aimed at enhancing collaboration and productivity within its Workspace suite. These updates will leverage Gemini capabilities, which reflect Google's ongoing integration of artificial intelligence (AI) into its product lines.
Inputs from IANS
