ESET researchers have reported a new malware campaign by the Bahamut APT group. Their report says that the attackers have begun embedding malware in VPN applications: the SoftVPN and OpenVPN applications were "modified" by the attackers. The researchers found that Bahamut was able to reuse old spyware code to make the applications malicious.
The modified applications give the attackers powerful functionality:
- Gaining access to SMS, call logs, location and call records;
- Collecting data from messengers;
- Extracting data from banking applications.
The attackers used the fake SecureVPN website, not Google Play, to distribute the malicious applications. According to ESET experts, the attack was aimed at specific victims. To that end, the attackers implemented a redirection mechanism to a site that provides the victim with a specific activation key. This key prevents the malware from running on random people's devices.
The campaign discovered by ESET experts is another strong reminder not to download applications from unreliable sources on the Internet. The researchers claim that the campaign began in January of this year and is still ongoing. Therefore, information security specialists recommend that users download applications only from reliable sources so as not to expose themselves to the risk of malware infection.