BladeHawk Attackers Target Kurds with Android Apps

Threat Post - 

Pro-Kurd profiles deliver ‘888 ’ and ‘SpyNote’ trojans, masked as legitimate apps, to perform mobile espionage.

Attackers have been targeting the Kurdish ethic group for more than a year through an Facebook-based campaign that disguises backdoors in legitimate apps, researchers have found.

A group called BladeHawk is behind the campaign, discovered by researchers from firm ESET and active since at least March 2020, according to a report published this week. The campaign disguises the 888 RAT in Android apps using dedicated Facebook profiles, researchers aid.

“These profiles appeared to be providing Android in Kurdish, and news for the Kurds’ supporters,” ESET researcher Lukas Stefanko wrote in the report, published Wednesday. “Some of the profiles deliberately spread additional apps to Facebook public groups with pro-Kurd content.”

All in all, researchers identified six profiles as part of the BladeHawk campaign, which have been sharing the Android spying apps and targeted about 11,000 followers through 28 unique posts. The profiles have been reported to Facebook and since disabled, Stefanko said.

Each of these posts in the campaign contained fake app descriptions and links to download an app, according to the post. Researches

Read More: https://threatpost.com/bladehawk-attackers-kurds-android/169300/