Arid Viper Launches Mobile Espionage Campaign with AridSpy Malware

Arid Viper launches mobile espionage campaign using trojanized Android apps to deliver AridSpy spyware, targeting Middle East users via fake messaging

The Hacker News
Gaza gang Arid Viper: Targeted attacks with fake dating app Skipped

The malware "Skipped_Messenger" installs backdoors on smartphones and uses the same Google project base as the almost identically named dating app from Germany.

heise online
A threat actor known as #AridViper (likely operating out of #Gaza) has been targeting users in the #MiddleEast with #spyware disguised as dating apps, dating back to November 2022. https://blog.talosintelligence.com/arid-viper-mobile-spyware/
Arid Viper disguising mobile spyware as updates for non-malicious Android applications

Since April 2022, Cisco Talos has been tracking a malicious campaign operated by the espionage-motivated Arid Viper advanced persistent threat (APT) group targeting Arabic-speaking Android users.

Cisco Talos Blog
Recorded Future has identified an app spread on a Telegram used by members or supporters of #Hamas. Infrastructure analysis led to a cluster of domains mimicking domain registration tradecraft of #TAG63 (#AridViper, APT-C-23, Desert Falcon), a group believed to operate on behalf of Hamas: https://www.recordedfuture.com/hamas-application-infrastructure-reveals-possible-overlap-tag-63-iranian-threat-activity
Hamas Application Infrastructure Reveals Possible Overlap With TAG-63 and Iranian Threat Activity | Recorded Future

Insikt Group identified an application disseminated on a Telegram Channel used by members or supporters of the Hamas terrorist organization

A state-backed group believed to be operating out of the Palestinian territories targeted local organizations in Palestine during a campaign that began in September 2022 and lasted until at least February 2023 #mantis #aridviper

https://therecord.media/palestinian-apt-group-cyber-espionage

APT group targeting organizations in Palestinian territories, researchers say

A state-backed group believed to be operating out of the Palestinian territories targeted local organizations in a campaign that began in September 2022 and lasted until at least February 2023.

New Windows Trojan Steals Browser Credentials, Outlook Files - The newly discovered Python-based malware family targets the Outlook processes, and browser creden... https://threatpost.com/windows-trojan-steals-browser-credentials-outlook-files/162223/ #informationsstealer #browsercredentials #microsoftwindows #vulnerabilities #pyinstaller #pymicropsia #threatgroup #middleeast #aridviper #micropsia #malware #outlook #windows #python #trojan #hacks
New Windows Trojan Steals Browser Credentials, Outlook Files

The newly discovered Python-based malware family targets the Outlook processes, and browser credentials, of Microsoft Windows victims.

Threatpost - English - Global - threatpost.com