Arid Viper Campaign Targets Arabic-Speaking Users

Cybersecurity experts at Cisco Talos have exposed the latest operations of the espionage-driven Arid Viper advanced persistent threat group. The new campaign, active since April 2022, has been targeting Arabic-speaking Android users. According to an advisory published earlier today, the modus operandi of Arid Viper involves the deployment of customized mobile malware in the Android Package format.

One of the key mysteries surrounding the Arid Viper campaign is the possible connection between the threat actor and the Israel-Hamas conflict. It's essential to note that there's no concrete evidence either confirming or denying such a link. Cisco Talos said they conducted thorough due diligence, collaborating closely with law enforcement agencies, before making their findings public.

From a technical standpoint, one intriguing facet of this operation is the striking resemblance between Arid Viper's mobile malware and a legitimate dating application called Skipped. The malware shares a similar name and even utilizes the same project on the Firebase application development platform. The connection raises questions about whether Arid Viper has affiliations with the dating app's developers or if they've unlawfully gained access to the shared project.

To lure unsuspecting users into downloading their malicious mobile software, Arid Viper operatives distribute links masquerading as legitimate dating app updates. These links deploy malware onto the victims' devices. The Android malware boasts several features, including the ability to turn off security notifications, pilfer sensitive information and inject additional malicious applications into the compromised devices.

The investigation by Cisco Talos also uncovered a complex network of dating-themed applications related to Skipped. Notably, Skipped GmbH, the publisher behind Skipped, is a German-based entity seemingly tied to numerous dating apps published by companies in Singapore and Dubai. Many of these applications prompt users to purchase "Coins" for continued interaction, potentially generating revenue for the APT operators.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to Arid Viper Campaign Targets Arabic-Speaking Users

CVE-2008-7092 - Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a ...
7 years ago
Russian Cyberattackers Launch Multiphase PsyOps Campaign - Russia-linked threat actors employed both PsyOps and spear-phishing to target users over several months at the end of 2023 in a multiwave campaign aimed at spreading misinformation in Ukraine and stealing Microsoft 365 credentials across Europe. The ...
9 months ago Darkreading.com
Syrian Threat Group Peddles Destructive SilverRAT - The group behind a sophisticated remote access Trojan, SilverRAT, has links to both Turkey and Syria and plans to release an updated version of the tool to allow control over compromised Windows systems and Android devices. According to a threat ...
11 months ago Darkreading.com
Iranian Phishing Campaign Targets Israel-Hamas War Experts - Iran-linked threat actors are targeting high-profile researchers working on the Israel-Hamas conflict via a sophisticated social engineering campaign, according to Microsoft Threat Intelligence. The threat actor Mint Sandstorm, which has ties to ...
10 months ago Infosecurity-magazine.com
Global malspam targets hotels, spreading Redline and Vidar stealers - The latest global malspam campaign targets the hotel industry, emphasizing the need to stay alert against such attacks at all times. Cybersecurity researchers at Sophos X-Ops have issued a warning to the hospitality industry about a sophisticated ...
11 months ago Hackread.com
Cybercriminals expand targeting of Iranian bank customers with known mobile malware - Researchers have uncovered more than 200 fake mobile apps that mimic major Iranian banks to steal information from their customers. The campaign was first discovered in July of this year, but since then, the cybercriminals have expanded their ...
1 year ago Therecord.media
Iran-Linked Imperial Kitten Cyber Group Targeting Middle East's Tech Sectors - A group with links to Iran targeted transportation, logistics, and technology sectors in the Middle East, including Israel, in October 2023 amid a surge in Iranian cyber activity since the onset of the Israel-Hamas war. The attacks have been ...
1 year ago Thehackernews.com
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs - Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and ...
10 months ago Microsoft.com
Booking.com Customers Scammed in Novel Social Engineering Campaign - Booking.com customers are being targeted by a novel social engineering campaign, which is "Paying serious dividends" for cybercriminals, according to new research by Secureworks. The researchers said the campaign, which they believe has been running ...
1 year ago Infosecurity-magazine.com
Pro-Hamas Cyberattackers Aim 'Pierogi' Malware at Multiple Mideast Targets - A group of pro-Hamas attackers known as the Gaza Cybergang is using a new variation of the Pierogi++ backdoor malware to launch attacks on Palestinian and Israeli targets. According to research from Sentinel Labs, the backdoor is based on the C++ ...
11 months ago Darkreading.com
Hackers Abused Microsoft's "Verified Publisher" OAuth Apps to Hack Corporate Email Accounts - Microsoft on Tuesday said it took steps to disable fake Microsoft Partner Network accounts that were used for creating malicious OAuth applications as part of a malicious campaign designed to breach organizations' cloud environments and steal email. ...
1 year ago Thehackernews.com
From Social Engineering to DMARC Abuse: TA427's Art of Information Gathering - Key takeaways  TA427 regularly engages in benign conversation starter campaigns to establish contact with targets for long-term exchanges of information on topics of strategic importance to the North Korean regime. In addition to using specially ...
7 months ago Proofpoint.com
Year in Malware 2023: Recapping the major cybersecurity stories of the past year - Botnets kept coming back from the dead, ransomware actors found new ways to make money through data theft extortion and threat actors and malware who have been around for more than a decade find ways to stay relevant. After Microsoft blocked macros ...
11 months ago Blog.talosintelligence.com
'PhantomBlu' Cyberattackers Backdoor Microsoft Office Users via OLE - A malicious email campaign is targeting hundreds of Microsoft Office users in US-based organizations to deliver a remote access trojan that evades detection, partially by showing up as legitimate software. Threat actors previously have used the RAT ...
8 months ago Darkreading.com
SugarGh0st RAT Delivered via Malicious Windows & JavaScript - RATs allow threat actors to execute the following malicious actions while remaining hidden from the victim:-. Recently, cybersecurity researchers at Cisco Talos discovered a malicious campaign that was found to be delivering a new RAT that's been ...
1 year ago Cybersecuritynews.com
Investigation of Possible Causes of ESXiArgs Ransomware Attacks Suggests VMware is Not at Fault - Edward Hawkins, the High-Profile Product Incident Response Manager at VMware, has denied allegations that two-year-old security flaws have been used in the current ESXiArgs ransomware attacks. Over the weekend, reports surfaced about cybercriminals ...
1 year ago Hackread.com
Three Iranian Cyber Actors Indicted For Election Interference And Hacking Campaign - According to the DOJ, the three hackers targeted officials and individuals associated with one of the US presidential campaigns, referred to in the indictment as “US Presidential Campaign 1.” They successfully gained unauthorized access to ...
2 months ago Informationsecuritybuzz.com
Threat Group Using Rare Data Transfer Tactic in New RemcosRAT Campaign - A threat actor known for repeatedly targeting organizations in Ukraine with the RemcosRAT remote surveillance and control tool is back at it again, this time with a new tactic for transferring data without triggering endpoint detection and response ...
11 months ago Darkreading.com
Anatsa Banking Trojan Resurfaces, Targets European Banks - The Anatsa banking Trojan campaign has been observed increasingly targeting European banks, according to new data by ThreatFabric researchers. Since its reemergence in November 2023, the Anatsa campaign has manifested in five distinct waves, ...
9 months ago Infosecurity-magazine.com
DoJ Charges 3 Iranian Hackers in 'Hack & Leak' Campaign - The activity, according to a DoJ press release, "was part of Iran's continuing efforts to stoke discord, erode confidence in the US electoral process, and unlawfully acquire information relating to current and former US officials that could ...
2 months ago Darkreading.com
Pirated Software Puts Mac Users at Risk as Proxy Malware Emerges - Malware is being targeted at Mac users who receive pirated versions of popular apps from warez websites after they choose to download them from those websites. Various reports state that cybercriminals are infecting macOS devices with proxy trojans ...
1 year ago Cysecurity.news
Proofpoint Exposes Sophisticated Social Engineering Attack on Recruiters That Infects Their Computers With Malware - Recruiters and anyone else involved in hiring processes should be knowledgeable about this social engineering attack threat. A new report from U.S.-based cybersecurity company Proofpoint exposes a new attack campaign operated by a ...
11 months ago Techrepublic.com
Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising - A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP. WinSCP and Putty are popular Windows utilities, with WinSCP being an SFTP client and FTP client and Putty an ...
6 months ago Bleepingcomputer.com
