
Cyber Espionage: SandStrike is a new spyware targeting Baháʼí-speaking Android users

SandStrike is a new spyware targeting Baháʼí-speaking Android users. Kaspersky cybersecurity experts: victims are lured into downloading the malware through Facebook and Instagram accounts that point to a Telegram channel, which distributes a malicious VPN.

SandStrike is a new spyware targeting Baháʼí-speaking Android users. Kaspersky cybersecurity experts discovered it. To lure victims into downloading the spyware implants, the threat actors set up Facebook and Instagram accounts with more than 1,000 followers and designed attractive religious-themed graphic materials, setting up an effective trap for adherents of this belief. Most of these social media accounts contain a link to a Telegram channel also created by the attacker. In this channel, the actor behind the malware distributed a seemingly harmless VPN application for accessing sites banned in certain regions, for example those with religious-related materials. To make this application fully functional, the adversaries also set up their own VPN infrastructure. However, the VPN client contains fully functioning spyware with capabilities that allow the threat actors to collect and steal sensitive data, including call logs and contact lists, and to track any further activities of persecuted individuals.
