Hackers EvilBamboo staged a "cybergenocide" against Asian users

CarderPlanet

Mobile attacks based on nationality: who preys on ethnic minorities?

Tibetans, Uighurs and Taiwanese have been targeted in a long-running malware campaign by a hacker group codenamed EvilBamboo, which aims to collect sensitive information.

Security researchers from the company Volexity reported that the attackers created fake Tibetan websites and social media profiles, probably to use browser-based threats against targeted users. By partially mimicking existing popular communities, the attackers created communities on popular platforms such as Telegram to spread their malware faster.

Formerly known as Evil Eye, the EvilBamboo group has been linked to several waves of attacks since 2019. The group frequently relies on attacks delivered through infected websites to push spyware targeting Android and iOS devices.

Attacks targeting Apple's mobile operating system used a zero-day vulnerability in the WebKit engine, patched by Apple in early 2019, to spread spyware called Insomnia. In March 2021, Meta said it had detected the attacker abusing its platforms to distribute links to malicious websites hosting the malware.

The EvilBamboo group is also known for using Android malware such as ActionSpy and PluginPhantom, which disguise themselves as dictionaries, keyboards, and other apps available in third-party app stores.

The latest data from Volexity links EvilBamboo to three new Android spying tools: BADBAZAAR, BADSIGNAL, and BADSOLAR. The first one was documented by Lookout in November 2022.

The attack chains used to spread malware include forums for sharing APK files, fake sites advertising Signal, Telegram, and WhatsApp, as well as a set of fake social media profiles.

"These campaigns mostly depend on users installing 'infected' apps. This tactic highlights the importance of installing apps only from trusted authors," the researchers said.

The defining feature of EvilBamboo's operations is the creation of fake websites and personas tailored as closely as possible to specific target groups, which lowers the targets' guard and allows the attackers to carry out the most damaging attacks.