VajraSpy
Essential information
- Confidence: 100/100
- Is family: No
- Published: 20/12/2025 19:41
- Modified: 04/05/2026 16:51
- Revoked: No
- Author / Source: AlienVault
- Related entities: 31 attack patterns (mitre), 1 intrusion sets (apt), 2 sectors, 3 countries, 3 indicators
Description
[VajraSpy](https://attack.mitre.org/software/S9006) is Android malware distributed via trojanized messaging and news applications. It has been used to target individuals in Pakistan and India since at least 2021 and has been delivered through the Google Play Store, malicious domains, and other uncontrolled distribution channels. [VajraSpy](https://attack.mitre.org/software/S9006) is attributed with high confidence to [Patchwork](https://attack.mitre.org/groups/G0040), which has used the malware to conduct targeted espionage, primarily against devices in Pakistan. (Citation: ESET_VajraSpy_Feb2024)(Citation: ArcticWolf_DroppingElephant_July2025)(Citation: K7Dhanalakshmi_VajraSpy_April2022)
Marking (TLP)
TLP:CLEAR