Trojanized versions of a number of Android applications, including a malicious version of the famous Pakistan Citizen Portal, primarily marketed to users
Warning: 5 New Trojanized Android Apps Spying On Users In Pakistan
Designed to masquerade as apps such as the Pakistan Citizen Portal, a Muslim prayer-clock app called Pakistan Salat Time, Registered SIMs Checker, and TPL Insurance, the malicious variants have been found to obfuscate their operations to stealthily download a payload in the form of an Android Dalvik executable (DEX) file. The DEX payload contains most of the malicious features, which include the ability to covertly exfiltrate sensitive data like the user's contact list and the full contents of SMS messages, Sophos threat researchers Pankaj Kohli and Andrew Brandt said. The app then sends this information to one of a small number of command-and-control websites hosted on servers located in eastern Europe.
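Because the malicious features arrive as a separately downloaded DEX file, a defender reviewing proxy captures or files pulled from a device can flag DEX content whatever name or extension it carries. The following is an added example, not code from the article or from Sophos; it assumes the classic DEX header layout from the public Dalvik executable format (versions 035 to 039), and the sample bytes are constructed, not taken from the campaign.

```python
import hashlib
import struct
import zlib

DEX_HEADER_SIZE = 0x70        # fixed header length in classic DEX versions
ENDIAN_CONSTANT = 0x12345678  # little-endian tag stored at offset 40


def inspect_dex(blob: bytes) -> dict:
    """Identify a DEX file by its header and list header integrity problems."""
    result = {"is_dex": False, "version": None, "problems": []}
    if len(blob) < DEX_HEADER_SIZE:
        return result
    # Magic is "dex\n" + three ASCII digits + NUL, e.g. b"dex\n035\x00".
    if blob[:4] != b"dex\n" or blob[7] != 0 or not blob[4:7].isdigit():
        return result
    result["is_dex"] = True
    result["version"] = blob[4:7].decode("ascii")
    (checksum,) = struct.unpack_from("<I", blob, 8)
    file_size, _header_size, endian_tag = struct.unpack_from("<III", blob, 32)
    if file_size != len(blob):
        result["problems"].append("file_size field does not match capture length")
    if endian_tag != ENDIAN_CONSTANT:
        result["problems"].append("unexpected endian tag")
    # Adler-32 covers everything after the checksum field itself.
    if zlib.adler32(blob[12:]) & 0xFFFFFFFF != checksum:
        result["problems"].append("adler32 checksum mismatch")
    # SHA-1 signature covers everything after the signature field.
    if hashlib.sha1(blob[32:]).digest() != blob[12:32]:
        result["problems"].append("sha1 signature mismatch")
    return result


def build_constructed_sample() -> bytes:
    """Constructed header-only sample with valid size, checksum and signature."""
    buf = bytearray(DEX_HEADER_SIZE + 16)
    buf[:8] = b"dex\n035\x00"
    struct.pack_into("<III", buf, 32, len(buf), DEX_HEADER_SIZE, ENDIAN_CONSTANT)
    buf[12:32] = hashlib.sha1(bytes(buf[32:])).digest()
    struct.pack_into("<I", buf, 8, zlib.adler32(bytes(buf[12:])) & 0xFFFFFFFF)
    return bytes(buf)


if __name__ == "__main__":
    # A payload saved as, say, "update.dat" is still recognised by content.
    print(inspect_dex(build_constructed_sample()))
    print(inspect_dex(b"PK\x03\x04" + bytes(200)))
```

A result with `is_dex` true and a non-empty `problems` list is still worth a look: a truncated or modified capture keeps the magic but fails the size or checksum checks.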