In a recent discovery, cyber-security firm Cyfirma has identified a new cyber-espionage campaign carried out by the APT Bahamut group.
The hackers are using a fake Android chatting app called ‘SafeChat’ to steal sensitive data from targeted individuals in South Asia, with a focus on India. The malicious payload is delivered directly through WhatsApp chat, raising serious concerns about user privacy and data security.
According to Cyfirma’s technical analyses, the cyber attack appears to be linked to a single nation-state government, raising suspicions of state-sponsored cyber-espionage. This aligns with APT Bahamut’s previous targeting of Khalistan supporters and military establishments in Pakistan, indicating a broader external threat to the region.
The Android malware, believed to be a variant of “Coverlm,” is capable of extracting data from various communication apps, including Telegram, Signal, WhatsApp, Viber, and Facebook Messenger. The new malware, distributed as the app “Safe Chat,” requests more permissions than its predecessors, which increases the level of threat it poses.
Upon installation, the app deceives users by displaying a landing page that claims to be a secure chatting application. Users are then prompted to grant permissions, which unwittingly gives the hackers access to their sensitive information before the users realize the app is fraudulent.
The sophistication of the cyber attack indicates a high level of expertise on the part of APT Bahamut, and the group’s operations strongly suggest that it is operating within Indian territory. This discovery raises concerns among individuals, businesses, and governments in the region about their vulnerability to targeted cyber-attacks.
Security experts and authorities in South Asia are urging users to remain vigilant and exercise caution when downloading applications or granting permissions to unknown sources. Regularly updating security software and staying informed about potential threats are essential steps to protect against cyber-espionage and data theft.
While investigations are ongoing, it is crucial for individuals and organizations in South Asia, especially India, to take necessary precautions to safeguard their digital assets and personal information from potential cyber-security threats.