Arid Viper poisons Android apps with AridSpy

216.73.216.6

Arid Viper poisons Android apps with AridSpy

· Published 14/06/2024 08:25 · Modified 14/06/2024 08:34

Essential information

Published: 14/06/2024 08:25
Modified: 14/06/2024 08:34
Tags: 2024-06-14 android aridspy espionage exfiltration spyware
Related entities: 37 observables, 1 intrusion sets (apt), 1 malware, 2 others

Description

ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its command-and-control server to avoid detection and exfiltrates sensitive information like contacts, messages, locations, and media files.

External references

https://www.welivesecurity.com/en/eset-research/arid-viper-poisons-android-apps-with-aridspy/
https://otx.alienvault.com/pulse/666bfe8bc4fa436ee214fb6f