Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform

This report examines the pervasive mobile dimension in APT campaigns and surveys the prevalent use of mobile malware in cross-platform surveillance and espionage campaigns by Chinese, Iranian, Vietnamese and other APT Groups.

  • A newly identified threat actor dubbed BBCY-TA2 is using a newly identified Android malware family dubbed PWNDROID3 in combination with a newly identified Windows malware family dubbed PWNWIN1, distributed via bogus mobile applications that mimic a popular bitcoin cashing application, in a newly identified cross-platform campaign dubbed OPERATION DUALCRYPTOEX
  • A newly identified threat actor dubbed BBCY-TA3 engaged in economic espionage against targets that include a range of Western and South Asian commercial enterprises in the telecommunications space as well as nearly every chemical manufacturing company in the world outside of China and is sharing attack infrastructure with BBCY-TA2
  • A newly discovered cross-platform espionage campaign dubbed OPERATION OCEANMOBILE conducted by APT group OCEANLOTUS is employing a newly identified Android malware family dubbed PWNDROID1 that is being delivered via a sophisticated trio of fake mobile applications
  • A newly identified cross-platform espionage campaign dubbed OPERATION DUALPAK by APT group BITTER is targeting the Pakistani military leveraging a newly identified mobile malware family dubbed PWNDROID2 that is being distributed via fake applications, SMS, WhatsApp and other social media platforms
  • A second newly identified cross-platform espionage campaign leveraging interest in the recent Kashmir crisis, dubbed OPERATION DUALPAK2 and conducted by CONFUCIUS, is targeting the Pakistani government and military utilizing a newly identified Windows malware family dubbed PWNWIN2 which was distributed by way of a JavaScript version of a chat application