As of 2018, a group of supposedly harmless Android applications has been infecting Israeli users with spyware, and the operation is still ongoing.
According to BleepingComputer, security specialists at Qihoo 360 noticed spyware-laden applications posing as social apps such as Threema, Al-Aqsa Radio, Al-Aqsa Mosque, Jerusalem Guide, PDF viewer, and Wire.
Apparently, the most exploited application is one masquerading as Threema, an open-source end-to-end encrypted instant messaging application for iOS and Android.
The initial vector for these apps, according to experts, is a WhatsApp text or Facebook post that redirects targets to a web page that hosts the APK and allows them to download it.
As shown below, in some situations, the messages included a link to a reportedly vital confidential PDF document on Google Drive.
The victim is then persuaded to download and install an APK that appears to be the mobile version of Adobe Reader but is in fact spyware.
Following the examination of several samples, the specialists discovered that the threat actors use a variety of commodity malware for these attacks, including SpyNote, Mobihok, WH-RAT, and 888RAT.
As explained by BleepingComputer, all of these are profit-oriented spyware with strong usefulness, including file exfiltration,