ANDROID MALWARE IN DONOT APT OPERATIONS

Published 21/01/2025 09:09 · Modified 21/01/2025 09:15

Essential information

Tags
2025-01-21 android apt spyware
Related entities
6 observables, 1 intrusion set (apt), 1 malware, 4 others

Description

The DONOT group, serving Indian national interests, has deployed malware named 'Tanzeem' for intelligence gathering against internal threats. The malware, disguised as a chat application, exploits OneSignal, a customer engagement platform, for malicious purposes. It requests dangerous permissions to access call logs, contacts, storage, SMS, location, and account information. The malware communicates with command-and-control servers and uses push notifications to encourage installation of additional malware, enhancing persistence. The group's evolving tactics indicate ongoing efforts in strategic intelligence collection across South Asia, targeting various organizations to assist India's interests.

External references