Specifically, according to researchers, this sophisticated attack campaign aims to steal call and communication data, device location, and messages from a range of applications.
Hackers Modify Android OpenVPN App to Include Spyware
The trojanized VPN apps are believed to be the work of a professional cybercrime group known as Bahamut. According to information gathered by Mytour, this is a cybercriminal group that specializes in targeted attacks.
ESET malware analyst Lukas Stefanko revealed that the Bahamut group added spyware functionality to two legitimate Android VPN applications, SoftVPN and OpenVPN, and distributed the modified builds to users. Anyone who installs one of these 'fake' VPN apps still gets a working VPN service, while the malicious code quietly extracts information from the device.
To establish credibility and gain users' trust, Bahamut used the name SecureVPN (a reputable VPN service) and created a fake website [thesecurevpn] to distribute their spyware.
Stefanko further added that the trojanized VPN app can steal contacts, call logs, location details and SMS messages, monitor conversations in messaging apps such as Signal, Viber, WhatsApp, Telegram and Facebook Messenger, and collect a list of the files stored on external storage.
Security experts from ESET have uncovered 8 'fake' versions of the Bahamut VPN app containing spyware. The versions carry sequential version numbers, indicating a sustained and professionally organized campaign.
Notably, none of the 'fake' versions appear on Google Play, the official Android app store, so the group's distribution method remains unknown. Users may have been lured into installing the apps through email, social media, or other communication channels.
=> You can check the official download link for OpenVPN here:
+ Download link for OpenVPN for Android
+ Download link for OpenVPN for iPhone
Detailed information about Bahamut's activities first came to public attention in 2017, when journalists from the investigative group Bellingcat published an article about a cybercrime group targeting human rights activists in the Middle East.
Attributing activity to Bahamut is a formidable task, given the group's extensive use of publicly available tools, its constantly evolving attack methods, and its wide and varied range of targets.
However, BlackBerry researchers issued a warning about Bahamut in a 2020 report, stating that the hacker group 'appears to be not only well-funded and resourceful but also highly adept in security research and user behavior analysis.'
