ESET reported a targeted cyber espionage campaign (dubbed eXotic Visit) against Android users in India and Pakistan from November 2021 through to the end of 2023. All of the malicious apps have been removed from the Google Play store, along with 10 extra apps containing XploitSPY Android RAT code. The threat actors (tracked as Virtual Invaders) customized their malicious code by adding obfuscation, emulator detection, hiding C2 addresses, and using a native library. ESET describes the campaign timeline, victimology, obfuscation techniques, and provides a technical analysis. IOC and MITRE ATT&CK TTPs listed. 🔗 https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/

#eXoticVisit #VirtualInvaders #threatintel #cyberespionage #india #Pakistan #IOC #XploitSPY #L3mon #AhMyth

eXotic Visit campaign: Tracing the footprints of Virtual Invaders

ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps