Breaking cybersecurity news, news analysis, commentary, and other content from around the world, with an initial focus on the Middle East & Africa.
Arid Viper Camouflages Malware in Knockoff Dating AppArid Viper Camouflages Malware in Knockoff Dating App
The APT group uses updates from the app to get the user to download the malware.
October 31, 2023
APT group Arid Viper targets Arabic-speaking Android users with a spoof version of a dating app to collect sensitive user information.
According to research by Cisco Talos, the group replicates a dating app named Skipped with a malicious version using a similar name, available for download in the Google Play store.
Once downloaded, the operators share malicious links, masquerading as updates in order to get the user to a tutorial video. A URL in the video’s description directs users to an attacker-controlled domain that serves the custom malware.
The YouTube account was created in March 2022 and has only uploaded one video, which had around 50 views at the time of publishing the research. The company determined all of the domains used by the attackers in this campaign are solely registered, operated, and controlled by Arid Viper, and they follow the same naming patterns observed in previous iterations of Arid Viper infrastructure.
The malware can also disable security notifications, collect users' sensitive information, and deploy additional malicious applications on compromised devices. The researchers determined that the malware campaign has been active since at least April 2022.
About the Author(s)
You May Also Like
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023
What's In Your Cloud?Nov 30, 2023
Everything You Need to Know About DNS AttacksNov 30, 2023