Cyber Spies Spread Android Trojan Disguised as COVID-19 App
The cyber-espionage group Transparent Tribe, known for its targeted attacks, has added a new piece of Android malware to its arsenal. The operators are distributing it under the guise of an adult content app or software for tracking the spread of COVID-19.
Experts from Kaspersky Lab discovered the Android malware sample. According to their analysis, the discovery indicates an expansion of Transparent Tribe’s capabilities and scope: the group has now shifted its focus to targeting mobile device users.
The attackers are using two different apps in their campaigns. The first is a video player that shows erotic videos, while the second, called Aarogya Setu, supposedly tracks the spread of COVID-19.
In reality, this software attempts to install the AhMyth malware, which gives the attacker remote access to the victim’s device. According to Kaspersky Lab specialists, this particular sample features more advanced capabilities than previous versions.
If the malware establishes itself on the device, the attacker can use it to read SMS messages, manage files, take screenshots, eavesdrop on conversations, and view call history.
Last week, it was reported that Transparent Tribe launched a campaign targeting employees of military and government organizations around the world.