Liputan6.com, Jakarta – Perpetrators of internet espionage crimes were caught trying to lure Android users with a fake VPN app.
ESET researchers say that this fake Android VPN is a trojanized version of the official SoftVPN and OpenVPN applications.
As reported by Bleeping Computer on Monday (28/11/2022), this method aims to steal contact and call data, device location, and messages from various applications.
Malware researchers at ESET said the operation was linked to a sophisticated criminal actor known as Bahamut.
Bahamut is believed to be a group that provides services as paid hackers.
ESET malware analyst Lukas Stefanko said that Bahamut modifies SoftVPN and OpenVPN by adding code to spy on victims.
This way, bad actors can ensure the app continues to provide VPN functionality to victims.
Without realizing it, victims who installed these two fake VPN applications had their personal information stolen by the cybercriminals.
To hide its actions and gain credibility, Bahamut uses the name SecureVPN (a legitimate VPN service).
The perpetrators also deliberately created a fake site under a fake name, [thesecurevpn], which is used to distribute their malicious application.
Stefanko said that VPN applications made by perpetrators can steal contacts, call logs, location details, SMS, and spy on chats on messaging applications, such as Signal, Viber, WhatsApp, Telegram, and Facebook Messenger.
Researchers at ESET also found that there are eight versions of Bahamut’s spy VPN app, and all have sequential version numbers.
This indicates that the actor continues to update the fake VPN application so that it appears active and supported by its developer.