Lookout discovered Mobile APT Surveillance Campaigns Targeting Uyghurs

The Lookout Threat Intelligence team has discovered four Android surveillanceware tools that are used to target the Uyghur ethnic minority group. This research indicates that these four interconnected malware tools are elements of much larger mAPT (mobile advanced persistent threat) campaigns that have been active for years. Although there is evidence that the campaigns have been active since at least 2013, Lookout researchers have been monitoring the surveillanceware families — SilkBean, DoubleAgent, CarbonSteal and GoldenEagle — as far back as 2015.
The mAPT threat actors behind this activity possess a mobile arsenal containing at least four other Android surveillance tools publicly known as HenBox, PluginPhantom, Spywaller and DarthPusher. By examining the surveillanceware apps, their signing certificates and supporting command and control (C2) infrastructure, Lookout discovered connections between these malware tools and the actors behind them, which Lookout details in this report.
