Facebook warns of malware operating out of Pakistan and India that is spying on users
These hackers are using a virus that is capable of gaining access to a device's camera, mic, text messages, and call logs.
News sources are warning against a new kind of ‘spying’ malware that is snooping on thousands of individuals.
Meta also links APT36 to the Pakistan government, which several other security firms have also done in the past, namely to the Pakistani Ministry of Defence.
Also, the "attractive young women" again.
Remember boys! If it's a sexy woman on Facebook, it's most likely an APT! pic.twitter.com/pIhVso8Ylh
— Catalin Cimpanu (on vacation) (@campuscodi) August 4, 2022
A cyber-espionage group that is functioning out of Pakistan and India has been spying on thousands of people through malware that presents itself as popular messaging applications.
The revelation came after Facebook published a detailed report on the matter. In the report, the social media giant thoroughly explained how a group known as ‘Bitter APT’ has been installing malware on Android devices through fake versions of apps like Telegram, WhatsApp, and Signal, which have become popular amongst Ukrainians during the ongoing Russian invasion.
The name found in the malware code was ‘Dracarys,’ and according to Facebook, the malware can siphon off every type of information from an Android device. In fact, it can even access geolocation data, contacts files, camera, and microphone.
How Dracarys works
The malware has been spreading through Meta’s social media sites, where the hackers pose as young women, activists, or journalists to convince people to download the malicious app. Once it is installed, they abuse the accessibility features that are intended to help users with disabilities.
Because the malware presents itself as a legitimate app, even anti-virus systems fail to detect it. Prior to this, news sources also found links between Bitter APT and the Indian government. It is unclear whether the group originates solely from India, but it operates out of South Asia, targeting people in Pakistan, New Zealand, and India.
Pakistan-based hacking unit
Facebook has also announced action against a Pakistan-based government hacking unit, called ‘APT36.’ This group also created spy tools that disguised themselves as WeChat, YouTube, and WhatsApp.
The malware is apparently an upgraded version of an Android tool called ‘XploitSPY,’ which was originally developed by a group of ‘ethical hackers’ in India. It can also snoop on contacts and call lists and listen to users through their microphones.
APT36 has been targeting people in Pakistan, Afghanistan, India, Saudi Arabia, and UAE. The targets include government officials, employees of human rights and non-profit organizations, students, and military personnel.
Facebook’s head of cyber espionage investigations, Mike Dvilyanski, said that Meta has identified as many as 10,000 users across nine countries who may have been targeted by APT36 and Bitter APT. Meta is also in the process of warning users directly over Instagram and Facebook.
Dvilyanski told news sources that Meta wants to suggest tools that can help users who have been exposed to this kind of spyware secure their presence online.