bahamut, openvpn, android

A threat actor associated with cyberespionage operations since at least 2017 has been luring victims with fake VPN software for Android that is a trojanized version of the legitimate SoftVPN and OpenVPN apps.

Researchers say that the campaign was “highly targeted” and aimed at stealing contact and call data, device location, as well as messages from multiple apps.

VPN service impersonation

The operation has been attributed to an advanced threat actor tracked as Bahamut, which is believed to be a mercenary group providing hack-for-hire services.

ESET malware analyst Lukas Stefanko says that Bahamut repackaged the SoftVPN and OpenVPN apps for Android to include malicious code with spying functions.

By doing this, the actor ensured that the app would still provide VPN functionality to the victim while exfiltrating sensitive information from the mobile device.

To hide their operation and for credibility purposes, Bahamut used the name SecureVPN (which is a legitimate VPN service) and created a fake website [thesecurevpn] to distribute their malicious app.


Bahamut’s fake SecureVPN website (source: ESET)

Stefanko says that the hackers’ fraudulent VPN app can steal contacts, call logs, location details, and SMS messages, spy on chats in messaging apps like Signal, Viber, WhatsApp, Telegram, and Facebook’s Messenger, and collect a list of files available in external storage.
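To reach the data listed above, an app has to declare the matching Android permissions, so a repackaged build tends to declare more than the legitimate app it was built from. The following added example (not from ESET or the original article) diffs a decoded `AndroidManifest.xml`, such as one produced by apktool, against a reference copy and maps the added permissions to those data categories; both manifests, the package name and the component names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
SENSITIVE = {  # data categories named in the article, by the permission gating each
    P + "READ_CONTACTS": "contacts", P + "READ_CALL_LOG": "call logs",
    P + "READ_SMS": "SMS", P + "READ_EXTERNAL_STORAGE": "external storage file list",
    P + "ACCESS_FINE_LOCATION": "location", P + "ACCESS_COARSE_LOCATION": "location",
}

# Constructed manifests (not from any real sample); every name here is hypothetical.
HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.vpn">'
REFERENCE = HEAD + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <application>
    <service android:name=".TunnelService" android:permission="android.permission.BIND_VPN_SERVICE"/>
  </application>
</manifest>"""
SUSPECT = HEAD + """
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <service android:name=".TunnelService" android:permission="android.permission.BIND_VPN_SERVICE"/>
    <service android:name=".SyncService"/>
    <receiver android:name=".BootReceiver"/>
  </application>
</manifest>"""

def surface(xml_text):
    """Return (permissions, components) declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    perms = {e.get(NS + "name") for e in root.iter("uses-permission")} - {None}
    comps = {(e.tag, e.get(NS + "name")) for e in root.iter()
             if e.tag in ("activity", "service", "receiver", "provider") and e.get(NS + "name")}
    return perms, comps

def diff_against_reference(reference_xml, suspect_xml):
    """Report what the suspect manifest declares beyond the reference build."""
    (ref_p, ref_c), (sus_p, sus_c) = surface(reference_xml), surface(suspect_xml)
    added = sus_p - ref_p
    return {"added_permissions": sorted(added),
            "data_at_risk": sorted({SENSITIVE[p] for p in added if p in SENSITIVE}),
            "added_components": sorted(sus_c - ref_c)}

if __name__ == "__main__":
    print(diff_against_reference(REFERENCE, SUSPECT))
```

An empty diff does not clear an app, since code can be added without touching the manifest; a non-empty one on a build obtained outside the official store is a reason to look closer.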

ESET’s researcher discovered eight versions of Bahamut’s spying VPN app, all with chronological version numbers, suggesting active development.

All fake apps included code observed only in operations attributed to Bahamut in the past, such as the SecureChat campaign documented by cybersecurity companies Cyble and CoreSec360 [1, 2].


SQL queries Bahamut used in its malicious SecureChat and SecureVPN apps (source: ESET)

It is worth noting that none of the trojanized VPN versions were available through Google Play, the official repository for Android resources, another indication of the targeted nature of the operation.

The initial distribution vector is unknown, but it could be anything from phishing over email to social media or other communication channels.

Details about Bahamut operations emerged in the public space in 2017 when journalists at the investigative group Bellingcat published an article about the espionage actor targeting Middle Eastern human rights activists.

Connecting Bahamut to other threat actors is a tall order considering that the group relies greatly on publicly available tools, constantly changes tactics, and its targets are not in a particular region.

However, BlackBerry researchers note in an extensive report on Bahamut in 2020 that the group “appears to be not only well-funded and well-resourced, but also well-versed in security research and the cognitive biases analysts often possess.”

Some threat actor groups Bahamut has been associated with include Windshift and Urpage.

