An ongoing spyware campaign has been found that predominantly targets military personnel. The campaign has been distributing the spyware disguised as dating and instant messaging apps since January. According to researchers, the current version of the PJobRAT malware was first seen in December 2019.
What Transpired?
Recently, researchers found the PJobRAT spyware and reported that its samples masquerade as Android dating applications.
- In the course of their research, experts found that this new variant targets non-resident Indians while disguised as a dating application called Trendbanter and as the Signal app.
- In some cases the spyware imitates other applications, such as HangOn, SignalLite, Rita, and Ponam, to trick unsuspecting users.
- The attackers propagate the spyware through third-party app stores and other channels, including malicious URLs and SMS messages.
- It imitates WhatsApp or another legitimate-looking application to stay concealed in the app list. Oddly, the icon of the installed app does not exactly match the icon displayed in the app store.
PJobRAT
The researchers who spotted this new activity could not link it to any known threat group. The nature of the targeting, however, points to actors located in China or Pakistan.
- PJobRAT exfiltrates .pdf, .doc, .docx, .xls, .xlsx, .ppt and .pptx files from infected devices. It also uploads the address book, text messages, and audio, video and image files.
- It also uploads the list of installed applications, Wi-Fi/GPS information, geographical location, external storage files, the phone number, WhatsApp contacts and messages, and microphone and camera recordings.
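As an added defender-side example (not code from the eScan write-up or from the PJobRAT researchers), the following Python script triages a constructed Android app inventory against the two behaviours described above: an app whose label imitates WhatsApp or Signal while its package name is not the official one, and an app holding the permission set needed to collect the data categories listed (files, SMS, contacts, microphone, camera, location). The official package names com.whatsapp and org.thoughtcrime.securesms are real; every com.example.* package and the inventory itself are assumed placeholders, not indicators from the report.

```python
# Added example (not from the eScan write-up): defender-side triage of an
# Android app inventory. It flags apps that (a) carry a label imitating a
# messenger the report names (WhatsApp, Signal) while their package name is
# not the official one, or (b) hold most of the permissions needed to collect
# the data categories the report lists (files, SMS, contacts, mic, camera,
# location). The inventory below is constructed for illustration; the
# "com.example.*" package names are placeholders, not real PJobRAT indicators.
from dataclasses import dataclass, field

# Official Android package names of the apps the report says PJobRAT imitates.
OFFICIAL_PACKAGES = {
    "whatsapp": "com.whatsapp",
    "signal": "org.thoughtcrime.securesms",
}

# Permissions that map onto the data categories the report says are exfiltrated.
COLLECTION_PERMISSIONS = {
    "android.permission.READ_EXTERNAL_STORAGE",  # documents and media files
    "android.permission.READ_SMS",               # text messages
    "android.permission.READ_CONTACTS",          # address book
    "android.permission.RECORD_AUDIO",           # microphone recordings
    "android.permission.CAMERA",                 # camera recordings
    "android.permission.ACCESS_FINE_LOCATION",   # GPS position
}


@dataclass
class InstalledApp:
    label: str                      # name shown in the launcher / app list
    package: str                    # Android package name
    permissions: set = field(default_factory=set)


def impersonated_brand(app: InstalledApp):
    """Return the brand an app's label imitates when its package name does not
    match that brand's official package, otherwise None."""
    normalized = app.label.lower().replace(" ", "")
    for brand, official in OFFICIAL_PACKAGES.items():
        if brand in normalized and app.package != official:
            return brand
    return None


def collection_coverage(app: InstalledApp) -> int:
    """Count how many of the spyware-relevant permissions the app holds."""
    return len(COLLECTION_PERMISSIONS & set(app.permissions))


def triage(inventory, threshold: int = 5):
    """Map flagged package names to the reasons they were flagged.

    Apps are reported when they impersonate a known messenger or when they
    hold at least `threshold` of the collection permissions. Legitimate apps
    do request several of these, so the threshold is a tuning knob, not a
    verdict: a high count is a reason to inspect, not proof of infection.
    """
    findings = {}
    for app in inventory:
        reasons = []
        brand = impersonated_brand(app)
        if brand:
            reasons.append(f"label imitates {brand} but package is {app.package}")
        coverage = collection_coverage(app)
        if coverage >= threshold:
            reasons.append(f"holds {coverage}/{len(COLLECTION_PERMISSIONS)} collection permissions")
        if reasons:
            findings[app.package] = reasons
    return findings


# Constructed inventory: one genuine WhatsApp, one impostor using the WhatsApp
# label, one "SignalLite" lure (a name the report mentions) and two benign apps.
SAMPLE_INVENTORY = [
    InstalledApp("WhatsApp", "com.whatsapp",
                 {"android.permission.READ_CONTACTS", "android.permission.CAMERA",
                  "android.permission.RECORD_AUDIO",
                  "android.permission.READ_EXTERNAL_STORAGE"}),
    InstalledApp("WhatsApp", "com.example.impostor.chat", set(COLLECTION_PERMISSIONS)),
    InstalledApp("SignalLite", "com.example.signallite",
                 {"android.permission.READ_CONTACTS", "android.permission.READ_SMS"}),
    InstalledApp("Calculator", "com.example.calc", set()),
    InstalledApp("Photo Editor", "com.example.photoedit",
                 {"android.permission.READ_EXTERNAL_STORAGE", "android.permission.CAMERA"}),
]

if __name__ == "__main__":
    for package, reasons in triage(SAMPLE_INVENTORY).items():
        print(package)
        for reason in reasons:
            print("  -", reason)
```

On the sample inventory the genuine WhatsApp entry passes both checks (its package is the official one and it holds only four of the six collection permissions), while the impostor is flagged on both counts and the SignalLite lure on the label check alone. In practice the inventory would come from a device management export or from `pm list packages` and `dumpsys package` output, and the permission threshold should be tuned against the organisation's own app baseline.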
According to recent analysis, the attackers behind this malware are not advanced: the servers where they hold the exfiltrated data are publicly accessible. That does not, however, change the fact that the campaign is still active and puts potential victims at risk.
To read more, please check the eScan Blog.