
Hackers Use Android Spyware ‘Dracarys’ In Cyber Espionage Activities

Dracarys can cause damage without the user’s knowledge by auto-granting permissions, clicking on the screen and functioning in the background even when the user is not using the app.

  • Published August 10, 2022

Researchers identified malicious code disguised as the Signal messaging app, used by the Bitter APT group to target users with Android spyware called Dracarys. The new threat vector came to light when Facebook’s parent company released its Q2 2022 adversarial risk report on cyber espionage. Cyber-intelligence firm Cyble reported a trojanized version of the Signal messaging app in a technical report detailing Dracarys. According to the Cyble report, “The Bitter APT is actively involved in both desktop and mobile malware campaigns and uses techniques like spear phishing emails, exploiting known vulnerabilities to deliver Remote Access Trojan (RAT) and other malware families.” The attackers used legitimate-looking apps and app stores to target users in India, Pakistan, New Zealand, and the United Kingdom.

Using trojanized dropper apps, the attackers delivered Dracarys under the guise of widely used apps such as Signal, Telegram, YouTube, and WhatsApp. Dracarys accessed sensitive information, including files, call logs, SMS, contacts, and GPS location. The malware can also exfiltrate data from the victim’s device and has microphone-activation capabilities.

The attacks evaded detection and blocking: broken links and images containing phishing links were sent in chat, prompting users to type the link into the browser themselves, which led to a successful compromise. Because of the permissions requested while installing the infected apps, the attackers could make calls and access the entire storage, including the camera, of the victim’s device.

Furthermore, Dracarys can cause damage without the user’s knowledge by auto-granting permissions, clicking on the screen, and running in the background even when the user is not using the app. Taking screenshots and sending them to the attackers is another harmful capability of the spyware. The distribution domain noted by Cyble was “hxxps://signal-premium-app[.]org.”

According to Cyble’s report, because the source code of the apps used to convince victims was open source, the Bitter APT group was better able to model its trojanized apps on the expected behavior and standard features of the originals. According to reports, the links displayed attractive women to lure victims into opening phishing links, which would deploy the malware on their devices. Moreover, an open channel, ‘Apple TestFlight’, was used to convince users to download and install their ‘iOS chat application.’

Written By
Editorial

The Cyber Express is a publication that aims to provide the latest news and analysis about the information security industry. The news comes from a variety of sources and is updated regularly so that readers can stay up to date with the latest happenings in this rapidly growing field.
