
Novel Android Malware Leveraged By DoNot Team


Suspected Indian advanced persistent threat operation DoNot Team has deployed new Android malware posing as the Tanzeem or Tanzeem Update messaging apps to facilitate intelligence operations, reports The Hacker News.

Cyfirma researchers said that once installed, Tanzeem or Tanzeem Update displays a bogus chat page containing a "Start Chat" button. Clicking the button lures targets into granting accessibility permissions, while the app also seeks permissions that enable the exfiltration of contacts, call logs, location, account information, and files on external storage.
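For defenders triaging a sideloaded app, the permission profile described above can be checked against a decoded `AndroidManifest.xml`. The following is an added example, not code from Cyfirma or the original report; the mapping of data categories to Android permission names, the review threshold, and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping of the report's data categories to standard Android
# permissions; the report itself lists no permission strings.
CATEGORY_PERMISSIONS = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "call log": {"android.permission.READ_CALL_LOG"},
    "location": {"android.permission.ACCESS_FINE_LOCATION",
                 "android.permission.ACCESS_COARSE_LOCATION"},
    "account information": {"android.permission.GET_ACCOUNTS"},
    "external storage": {"android.permission.READ_EXTERNAL_STORAGE",
                         "android.permission.MANAGE_EXTERNAL_STORAGE"},
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"


def triage_manifest(manifest_xml):
    """Return (declares_accessibility_service, matched data categories)."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(NS + "name") for e in root.iter("uses-permission")}
    categories = sorted(c for c, perms in CATEGORY_PERMISSIONS.items()
                        if perms & requested)
    # An accessibility service is a <service> guarded by the bind permission.
    accessibility = any(s.get(NS + "permission") == ACCESSIBILITY_BIND
                        for s in root.iter("service"))
    return accessibility, categories


def needs_review(manifest_xml, min_categories=3):
    """Flag an accessibility service paired with broad data access.
    The threshold of 3 categories is an arbitrary triage assumption."""
    accessibility, categories = triage_manifest(manifest_xml)
    return accessibility and len(categories) >= min_categories


# Constructed sample manifest for illustration, not from a real sample.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chatdemo">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application><service android:name=".HelperService"
      android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
  </application>
</manifest>"""
```

A match is only a prompt for closer review, since legitimate apps can also combine an accessibility service with these permissions.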

The Android app has also exploited the widely known customer engagement platform OneSignal to deliver notifications believed to include phishing links enabling malware delivery.

"The collected samples reveal a new tactic involving push notifications that encourage users to install additional Android malware, ensuring the persistence of the malware on the device," said Cyfirma. "This tactic enhances the malware's ability to remain active on the targeted device, indicating the threat group's evolving intentions to continue participating in intelligence gathering for national interests."
