Cybersecurity firm Cyfirma (haha, how’s that for a portmanteau) discovered three suspicious Android apps under the moniker “SecurITY Industry.” After doing some deep-dive research, Cyfirma discovered that the folks behind the dubious account are part of a threat group called DoNot. (This gets juicier when you find out that, according to SOCRadar, DoNot is a spy group linked to the Indian government.)
DoNot has been targeting regions such as Norway and South Asia for their own political agenda, but it seems like regular civilians like you and me can easily get caught up in their cyber warfare. After all, DoNot’s infected apps were found in the Google Play Store for anyone to download.
Which 3 apps should you watch out for?
Cyfirma discovered that DoNot hosted three apps in the Google Play Store: Device Basics Plus, nSure Chat, and iKHfaa VPN. It’s the latter two apps that caught researchers’ eye because they have the ability to fetch victims’ contact list and track their location.
What raised alarm bells was that iKHfaa VPN and nSure Chat asked for permissions that are irrelevant to the apps’ operation. For example, once installed, iKHfaa VPN asks users to turn on location and contact permissions, taking advantage of their tendency to breeze past pop-ups by mindlessly tapping “OK.”
iKHfaa VPN (Image credit: Cyfirma)
“Normally, VPN apps don’t use location and contact permission to make a VPN app work. These are the least required permissions app for VPN apps to perform their job. All these suspicious findings made us dig more,” the Cyfirma report said.
nSure chat (Image credit: Cyfirma)
As it turns out, iKHfaa VPN is a replica of a genuine app called Liberty VPN, but the threat actors injected malicious code to spy on unwitting victims. Not only can iKHfaa VPN pinpoint your exact location, but it can track your phone’s live movements. (Even if your GPS is turned off, the spyware will capture your device’s last known location.) It can also read and fetch your contact list. Cyfirma claimed that nSure Chat has similar malicious characteristics.
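The permission mismatch described above can be checked mechanically. The following is an added example, not code from Cyfirma or from the original article: it compares the permissions declared in an app's manifest against what a VPN app plausibly needs. The manifest is constructed for a hypothetical package, the baseline is an assumption, and a real APK's manifest must first be decoded to text (for example with apktool).

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed baseline for a VPN client (illustrative, not an official list).
VPN_BASELINE = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
    "android.permission.FOREGROUND_SERVICE",
}

# Permissions guarding the data the report says was collected.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.ACCESS_BACKGROUND_LOCATION": "background location",
    "android.permission.READ_CONTACTS": "contact list",
}

# Constructed sample: a decoded manifest for a hypothetical VPN app.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.samplevpn">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.FOREGROUND_SERVICE"/>
    <uses-permission android:name="android.permission.WAKE_LOCK"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
</manifest>
"""

def requested_permissions(manifest_xml):
    """Collect every permission the manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml, baseline):
    """Split permissions outside the baseline into sensitive and other."""
    extra = requested_permissions(manifest_xml) - baseline
    sensitive = sorted((p, SENSITIVE[p]) for p in extra if p in SENSITIVE)
    other = sorted(p for p in extra if p not in SENSITIVE)
    return {"sensitive": sensitive, "other": other}

if __name__ == "__main__":
    for perm, data in audit(SAMPLE_MANIFEST, VPN_BASELINE)["sensitive"]:
        print(f"unexpected for a VPN app: {perm} ({data})")
```
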
We typically warn our readers about downloading apps from outside the Google Play Store as a safety measure, but even the search engine giant’s official app store can be the Wild, Wild West. We suggest downloading an anti-malware mobile app such as Bitdefender or Avast Mobile Security to thwart malicious groups like DoNot from infiltrating your device.
Be sure to check out our best antivirus apps page for more options.