Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.

Arid Viper Camouflages Malware in Knockoff Dating App

The APT group uses updates from the app to get the user to download the malware.

Dark Reading Staff, Dark Reading

October 31, 2023

1 Min Read
Eyelash bush viper / Atheris ceratophora
Source: Matthijs Kuijpers via Alamy Stock Photo

APT group Arid Viper targets Arabic-speaking Android users with a spoof version of a dating app to collect sensitive user information.

According to research by Cisco Talos, the group replicates a dating app named Skipped with a malicious version using a similar name, available for download in the Google Play store.

Once downloaded, the operators share malicious links, masquerading as updates in order to get the user to a tutorial video. A URL in the video’s description directs users to an attacker-controlled domain that serves the custom malware.

The YouTube account was created in March 2022 and has only uploaded one video, which had around 50 views at the time of publishing the research. The company determined all of the domains used by the attackers in this campaign are solely registered, operated, and controlled by Arid Viper, and they follow the same naming patterns observed in previous iterations of Arid Viper infrastructure.

The malware can also disable security notifications, collect users' sensitive information, and deploy additional malicious applications on compromised devices. The researchers determined that the malware campaign has been active since at least April 2022.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights