Facebook discovers new Android malware linked to APT hacking groups

Facebook has reported that two cyber-espionage groups, ‘Bitter APT’ and APT36 (aka ‘Transparent Tribe’), are using new Android malware.

Both groups use social media platforms such as Facebook to gather open-source intelligence (OSINT) on their targets, or to befriend victims through fake accounts and then lure them to external platforms where the malware is installed.

Earlier this year, both APT36 and Bitter APT were seen running cyber-espionage campaigns, which is why Facebook has now reported on their recent activity.

In that period, APT36, a Pakistan-aligned state-sponsored threat actor, was exposed in a campaign against the Indian government that used tools for bypassing multi-factor authentication (MFA). Bitter APT, meanwhile, was seen targeting the Bangladesh government with new malware in May 2022.

The aim of both groups was to infect their targets with malware, using a combination of URL-shortening services, compromised sites, and third-party file-hosting providers. Bitter, for instance, posts deliberately broken links, or images of links, so that the target has to type the address into a browser instead of clicking it; because no clickable link is ever posted, the malicious URL evades the platform's automated link checks, and a single successful visit is enough to start the infection. Bitter embeds its Android malware, called Dracarys, into unofficial (trojanized) builds of legitimate apps such as YouTube, Telegram and WhatsApp. Once installed, Dracarys gains access to various applications and data on the device, and can install further unknown or malicious apps.
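The "broken link" tactic described above works precisely because a link scanner only sees what it can parse as a URL. A defender can close part of that gap by normalising the common ways a link is deliberately mangled and then checking whether the recovered URL ever appeared in clickable form. The following Python script is an added example written for this article; it is not code from Meta, from the report, or from either threat actor. The sample messages, the domain names in them and the set of rewrite rules are all constructed for illustration, and the rule set is intentionally a small subset of the spellings seen in practice.

```python
import re

# Constructed sample messages (not taken from the report) showing a few ways a
# link can be "broken" so the recipient types it instead of clicking it.
SAMPLE_MESSAGES = [
    "Download the update here: hxxps://files-share[.]example/app.apk",
    "Go to youtube-pro dot example/download and install",
    "See attached image for the link",          # link only present as an image
    "Official page: https://www.example.org/",  # normal, clickable link
]

# Rewrite rules that turn common "defanged" spellings back into a real URL.
# Hypothetical subset chosen for this example; real detectors carry many more.
REFANG_RULES = [
    (re.compile(r"\bhxxp(s?)\b", re.I), r"http\1"),          # hxxps:// -> https://
    (re.compile(r"\[\.\]|\(\.\)|\{\.\}|\s+dot\s+", re.I), "."),  # a[.]b, a(.)b, "a dot b"
    (re.compile(r"\[(:|/)\]"), r"\1"),                         # [:] and [/]
]

# Matches an http(s) URL or a bare host name whose last label is alphabetic,
# so that version numbers such as 1.2.3 are not mistaken for hosts.
URL_RE = re.compile(
    r"(?:https?://)?(?:[\w-]+\.)+[a-z][a-z0-9-]+(?::\d+)?(?:/[^\s<>\"']*)?",
    re.I,
)


def refang(text: str) -> str:
    """Apply every rewrite rule, returning text with links in clickable form."""
    for pattern, replacement in REFANG_RULES:
        text = pattern.sub(replacement, text)
    return text


def find_links(message: str) -> list[dict]:
    """Return each URL recoverable from the message, noting whether it was
    obfuscated, i.e. the recovered form never appeared verbatim in the text."""
    recovered = refang(message)
    links = []
    for match in URL_RE.finditer(recovered):
        url = match.group(0).rstrip(".,;:)]")   # drop trailing punctuation
        links.append({"url": url, "obfuscated": url not in message})
    return links


def flag_messages(messages: list[str]) -> list[tuple[str, str]]:
    """Return (message, recovered_url) pairs for every obfuscated link, which
    are the ones a plain link scanner would have missed."""
    return [
        (message, link["url"])
        for message in messages
        for link in find_links(message)
        if link["obfuscated"]
    ]


if __name__ == "__main__":
    for message, url in flag_messages(SAMPLE_MESSAGES):
        print(f"obfuscated link {url!r} recovered from: {message!r}")
```

The recovered URL can then be fed to whatever reputation or sandbox check the platform already runs on clickable links. Note what the script cannot do: the third sample message carries its link only inside an image, so text normalisation finds nothing, and that case needs OCR on attached images or a policy rule on "link-in-image" posts from low-reputation accounts.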