Ethical Hacking News
A new Android malware called Tanzeem has been linked to DoNot Team, a hacking group believed to target specific individuals or groups for intelligence collection. Analysed by Cyfirma, the app poses as a chat application that never actually works, abuses the OneSignal push-notification platform to deliver phishing links, and asks for permissions that expose call logs, contacts, SMS messages, precise location, account information and files on external storage. It can also record the screen and report to a command-and-control (C2) server. The exact targets are not yet known, but the campaign is suspected to be aimed at specific individuals for intelligence collection against what the group regards as internal threats. Users are advised not to install apps from unknown sources and to keep their software updated.
Cybersecurity news platform The Hacker News (THN) reports that DoNot Team has been linked to Tanzeem, an Android malware used in highly targeted attacks aimed at gathering intelligence on specific individuals or groups.
According to analysis by Cyfirma, a cybersecurity company that specializes in detecting and analyzing malware, two samples were observed, named Tanzeem (the word means "organization" in Urdu) and Tanzeem Update, which incorporate identical functions barring minor modifications to the user interface. The app is supposed to function as a chat application but does not work once installed: it shuts down as soon as the requested permissions have been granted, which suggests the chat interface is only a lure to get those permissions approved.
A key feature of the malicious app is its use of OneSignal, a legitimate customer-engagement platform that organizations use to send push notifications, in-app messages, emails and SMS messages. Cyfirma assesses that the library is being abused to push notifications containing phishing links that lead to further malware deployment; because the notifications come through a legitimate SDK and service, they are harder to distinguish from ordinary app traffic.
On installation the Tanzeem app displays a fake chat screen and urges the victim to tap a button named "Start Chat." Doing so triggers a message instructing the user to grant the app access to the Accessibility Services API, which lets it read screen content and perform actions on the user's behalf, and thus carry out its malicious activity. The app also requests several sensitive permissions that give it access to call logs, contacts, SMS messages, precise location, account information and files present in external storage.
Other capabilities include capturing screen recordings and establishing connections to a command-and-control (C2) server. Cyfirma assesses that the OneSignal-based notification mechanism is intended to help the malware remain active on the targeted device, and that the campaign reflects the group's continued interest in intelligence gathering for national interests.
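The permission and component pattern described above can be checked statically before an app is ever run. The following Python script is an added example (not code from Cyfirma, THN or the malware itself) that triages a decoded AndroidManifest.xml for an Accessibility Service declaration, the data-collection permissions listed above, and components from the OneSignal SDK. It assumes the manifest has already been decoded from the APK's binary XML (for example with apktool or androguard); the two manifests below are constructed for illustration, and the package and class names in them are placeholders, not identifiers from the real sample. Treating any class under com.onesignal. as the OneSignal SDK is a heuristic.

```python
"""Static triage of a decoded AndroidManifest.xml for the pattern of
an Accessibility Service plus broad data-collection permissions."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
A = "{%s}" % ANDROID_NS  # ElementTree key prefix for android:* attributes

# Permissions named in the report, mapped to the data they expose.
COLLECTION_PERMISSIONS = {
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.GET_ACCOUNTS": "account information",
    "android.permission.READ_EXTERNAL_STORAGE": "external storage",
}
ACCESSIBILITY_PERMISSION = "android.permission.BIND_ACCESSIBILITY_SERVICE"
ACCESSIBILITY_ACTION = "android.accessibilityservice.AccessibilityService"
ONESIGNAL_PREFIX = "com.onesignal."  # heuristic: SDK classes live in this package


def triage_manifest(manifest_xml: str) -> dict:
    """Return what the app can collect, which accessibility services it
    declares, which OneSignal components it ships, and a suspicion flag."""
    root = ET.fromstring(manifest_xml)
    requested = {p.get(A + "name") for p in root.iter("uses-permission")}
    collected = sorted(COLLECTION_PERMISSIONS[p] for p in requested
                       if p in COLLECTION_PERMISSIONS)

    accessibility_services, onesignal_components = [], []
    for comp in root.iter():
        if comp.tag not in ("service", "receiver", "activity", "provider"):
            continue
        name = comp.get(A + "name") or ""
        if name.startswith(ONESIGNAL_PREFIX):
            onesignal_components.append(name)
        if comp.tag == "service":
            # A real accessibility service must require BIND_ACCESSIBILITY_SERVICE
            # and register the AccessibilityService intent action.
            binds = comp.get(A + "permission") == ACCESSIBILITY_PERMISSION
            actions = {a.get(A + "name") for a in comp.iter("action")}
            if binds and ACCESSIBILITY_ACTION in actions:
                accessibility_services.append(name)

    # Flag the combination, not either half alone: screen readers legitimately
    # use accessibility, and messengers legitimately read contacts.
    suspicious = bool(accessibility_services) and len(collected) >= 3
    return {"collected_data": collected,
            "accessibility_services": accessibility_services,
            "onesignal_components": onesignal_components,
            "suspicious": suspicious}


# Constructed manifest mimicking the described pattern (placeholder names).
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application android:label="Chat">
    <activity android:name=".MainActivity"/>
    <service android:name=".ScreenReaderService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE">
      <intent-filter>
        <action android:name="android.accessibilityservice.AccessibilityService"/>
      </intent-filter>
    </service>
    <receiver android:name="com.onesignal.ExamplePushReceiver"/>
  </application>
</manifest>"""

# Constructed manifest of an ordinary chat app for contrast.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.plainchat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:label="Plain Chat">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for label, xml in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, triage_manifest(xml))
```

The manifest is only the first filter: it tells you what an app is allowed to do, not what it does. A hit should be followed by dynamic analysis to confirm the behaviour the report describes (screen capture, outbound C2 traffic, notification-driven phishing links), and a legitimate accessibility tool will trip the same flag, so the result is a triage priority, not a verdict.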
In October 2023, DoNot Team was linked to a previously undocumented .NET-based backdoor called Firebird that targeted victims in Pakistan and Afghanistan. The specific targets of the latest malware are not yet clear, although it is suspected that the apps were used against specific individuals with the aim of collecting intelligence on perceived internal threats.
Android spyware is widely used by state-aligned groups for targeted surveillance. What stands out in Tanzeem is the combination of a non-functional decoy chat app, abuse of the Accessibility Services API, and a legitimate push-notification service repurposed as a phishing delivery channel, which is why the samples have drawn the attention of researchers.
In an effort to stay informed about emerging threats like this one, followers of THN can stay up-to-date with the latest news and expert insights through their newsletter and webinars. By doing so, they can gain a better understanding of how these types of attacks are carried out and how they might affect them personally or professionally.
Cybersecurity experts advise individuals not to sideload apps from unknown sources, to refuse Accessibility Service access to any app that has no clear need for it, and to keep Android and installed apps updated so that the latest security patches are in place.
Organizations should also enforce device policies that block installation from unknown sources, restrict which apps may be granted Accessibility Service access, and review apps that combine that access with call-log, SMS, contact and location permissions, alongside basic hygiene such as device encryption, sound credential management and regular backups of sensitive data.
By taking these precautions, individuals and organizations can help protect themselves against the Tanzeem Android malware and other types of cyber threats.
Related Information:
https://thehackernews.com/2025/01/donot-team-linked-to-new-tanzeem.html
Published: Mon Jan 20 11:11:52 2025 by llama3.2 3B Q4_K_M