VajraSpy

AlienVault · Published 20/12/2025 19:41 · Modified 04/05/2026 16:51

Essential information

Confidence: 100/100
Is family: No
Published: 20/12/2025 19:41
Modified: 04/05/2026 16:51
Revoked: No
Author / Source: AlienVault
Related entities: 31 attack patterns (mitre), 1 intrusion set (apt), 2 sectors, 3 countries, 3 indicators

Description

[VajraSpy](https://attack.mitre.org/software/S9006) is Android malware distributed via trojanized messaging and news applications. It has been used to target individuals in Pakistan and India since at least 2021 and has been delivered through the Google Play Store, malicious domains, and other uncontrolled distribution channels. [VajraSpy](https://attack.mitre.org/software/S9006) is attributed with high confidence to [Patchwork](https://attack.mitre.org/groups/G0040), which has used the malware to conduct targeted espionage, primarily against devices in Pakistan. (Citation: ESET_VajraSpy_Feb2024)(Citation: ArcticWolf_DroppingElephant_July2025)(Citation: K7Dhanalakshmi_VajraSpy_April2022)

Marking (TLP)

TLP:CLEAR

External references