This Android Malware Tracks Data, But Not Yours


Android is no stranger to malicious software that performs unsavory actions. Just a few months ago, an Android malware called Tanzeem was discovered, and it existed to extract data from unsuspecting individuals through fake apps.

This malware was also linked to a threat actor named DoNot Team, which most people believe originated in India. The team is also tracked as APT-C-35, Origami Elephant, SECTOR02, and Viceroy Tiger. They’ve been known to use tactics such as spear-phishing and pushing Android malware.

The Tanzeem malware tracks data through its app, but you’ve most likely not been affected

The malware exists in two apps. One is called Tanzeem and the other is called Tanzeem Update. The first one is a fake chat app. When you open it, you’re greeted with a simple chat interface with a menu grid up top, the app’s name, and a Start Chat button at the bottom.

Just like most other untrustworthy apps, the Tanzeem app asks for permissions that it shouldn’t realistically need. After you grant the app the permissions, it will promptly crash. In the screenshot below, we see the app asking to access the Accessibility permission.


Along with that, the report reveals that the apps used the OneSignal platform, which sends push notifications, text messages, emails, and in-app messages. It’s believed that the apps used this platform to send notifications containing phishing links.

What do the apps do?

It looks like these apps collected sensitive data from the users who downloaded them. These apps ask for permission to access text messages, contacts, call logs, locations, account information, and files. With this sort of information, any threat actor can track someone’s every move.
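The permission set described above can be turned into a defender's check. This is an added example, not code from the report or the article: it parses a decoded AndroidManifest.xml and flags an app that pairs an accessibility service with most of the listed data categories. The sample manifest, package name, service name and threshold are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # prefer defusedxml for untrusted manifests

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Data categories named in the article -> Android permissions that gate them.
CATEGORIES = {
    "text messages": {P + "READ_SMS", P + "RECEIVE_SMS"},
    "contacts": {P + "READ_CONTACTS"},
    "call logs": {P + "READ_CALL_LOG"},
    "locations": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "account information": {P + "GET_ACCOUNTS"},
    "files": {P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE",
              P + "MANAGE_EXTERNAL_STORAGE"},
}

# Constructed sample (decoded manifest); package and service names are hypothetical.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakechat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".HelperService"
        android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""

def audit_manifest(xml_text, threshold=4):
    """Flag an app that declares an accessibility service and also requests
    permissions covering at least `threshold` of the data categories above."""
    root = ET.fromstring(xml_text)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    hits = sorted(c for c, perms in CATEGORIES.items() if perms & requested)
    accessibility = any(
        s.get(NS + "permission") == P + "BIND_ACCESSIBILITY_SERVICE"
        for s in root.iter("service"))
    return {"categories": hits, "accessibility_service": accessibility,
            "flag": accessibility and len(hits) >= threshold}

if __name__ == "__main__":
    print(audit_manifest(SAMPLE_MANIFEST))
```

A flag here is a triage signal, not a verdict: legitimate apps can request several of these permissions, so the result is a reason to look closer at the app.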

From the looks of it, the team isn’t distributing the app to a wide range of people. It looks like this attack was targeting certain individuals. So, we will have to wait for more information about who this attack was targeting.