New Arid Viper mobile espionage attacks examined

Suspected Hamas-linked threat operation Arid Viper (also known as APT-C-23, Grey Karkadann, Two-tailed Scorpion, Desert Falcon, and Mantis) has leveraged malicious Android apps to deploy the AridSpy spyware in five mobile espionage campaigns, three of which remain active, The Hacker News reports. The intrusions used fraudulent sites distributing trojanized versions of the NortirChat, LapizaChat, and ReblyChat messaging apps, a malicious version of the Palestinian Civil Registry app, and a fake job opportunity app to spread AridSpy, which deploys a first-stage payload upon execution and operates even after the deletion of the malicious apps, according to a report from ESET.

Source: SC Magazine


