android, bitter, cyber-espionage, malware, signal, spyware, android

Researchers have uncovered more details on the newly discovered Android spyware ‘Dracarys,’ used by the Bitter APT group in cyberespionage operations targeting users from New Zealand, India, Pakistan, and the United Kingdom.

Meta (Facebook) first reported the new Android malware in its Q2 2022 adversarial threat report, where they briefly mentioned its data-stealing, geo-locating, and microphone-activation capabilities.

Today, cyber-intelligence firm Cyble published a technical report on Dracarys, which was shared exclusively with Bleeping Computer, diving deeper into the inner workings of the spyware.

Using Signal to deploy malware

While Meta mentions laced versions of Telegram, WhatsApp, and YouTube, Cyble’s investigation only uncovered a trojanized version of the Signal messaging app.

The hacking group delivered the app to victims via a phishing page made to appear as a genuine Signal download portal, using the domain “signalpremium[.]com,” as shown below.

The fake Signal website that distributes malware (Cyble)

As Signal’s source code is open source, the Bitter APT hacking group was able to compile a version with all of the usual features and expected functionality. However, the threat actors also added the Dracarys malware to the source code when compiling the messaging app.

Code comparison between clean Signal and trojanized version (Cyble)

The permissions requested upon installation of the malware include access to the phone’s contact list, SMS, camera and microphone, read and write access to storage, the ability to make calls, and access to the device’s precise location.

Even if risky, these permissions are somewhat typical for chat applications, so the request is unlikely to raise suspicions.

Dracarys also abuses the Accessibility Service to auto-grant additional permissions and continue running in the background even if the user closes the Signal app, raising its privileges and “clicking” on the screen without user interaction.

Dracarys steals your data

When launched, Dracarys will connect to a Firebase server to receive commands on what data should be collected from the device.

The data that Dracarys can collect and transmit to the C2 server include the following:

  • Contact list
  • SMS data
  • Call logs
  • Installed applications list
  • Files
  • GPS position

Finally, the spyware can capture screenshots from the device, record audio, and upload the media to the C2, which in the sample analyzed by Cyble was “hxxps://signal-premium-app[.]org”.

Screenshot and audio recorder functions (Cyble)

How to stay safe

Always be wary of suggestions to download safe/secure chat applications, and when you are about to download one, make sure to use the official Google Play Store rather than a third-party site.

When installing a new application on your device, pay attention to the requested permissions and regularly monitor battery and internet data consumption to uncover any processes running in the background.

Using social engineering to impersonate legitimate companies and people is rampant despite Meta’s efforts to discover and block fake accounts, so hacking groups like Bitter APT are bound to continue to utilize new accounts to convince users to install their malware.
