Online dating can turn into Hamas espionage for Arabs

Carding 4 Carders

Arid Viper's spy software hides behind a mask of love.

The hacker group Arid Viper (APT-C-23, Desert Falcon, TAG-63) launched a spy campaign using a fake dating app for Android devices aimed at Arabic-speaking users. According to Cisco Talos, the malware is able to discreetly collect confidential data from infected devices and install additional malware.

The activity of the Arid Viper group, which is linked to Hamas because of the similarity of infrastructure, has been tracked since 2017, but the detected campaign began in April 2022 and is not related to the Israeli-Palestinian conflict.

Cybercriminals used the code of the legitimate dating app Skipped, which indicates a possible copying of functions to deceive users. Similar apps allegedly developed by Arid Viper are available in official app stores, which may indicate plans to use them in future cyber attacks.

The attack method involves redirecting victims to a video with instructions for the dating app, whose description contains a hidden link leading to the malware. This software is masked on infected devices by disabling system notifications and requests for elevated privileges to access personal data.

In addition to collecting information about the system, the program can download additional malware disguised as popular applications such as Facebook Messenger, Instagram and WhatsApp.
 