ESET reported a targeted cyber espionage campaign (dubbed eXotic Visit) of Android users in India and Pakistan from November 2021 through to the end of 2023. All of the malicious apps have been removed from the Google Play store, along with 10 extra apps containing XploitSPY Android RAT code. The threat actors (tracked as Virtual Invaders) customized their malicious code by adding obfuscation, emulator detection, hiding C2 addresses, and using a native library. ESET describes campaign timeline, victimology, obfuscation techniques, and provides a technical analysis. IOC and MITRE ATT&CK TTPs listed. 🔗 https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/

#eXoticVisit #VirtualInvaders #threatintel #cyberespionage #india #Pakistan #IOC #XploitSPY #L3mon #AhMyth

eXotic Visit campaign: Tracing the footprints of Virtual Invaders

ESET researchers uncovered the eXotic Visit espionage campaign that targets users mainly in India and Pakistan with seemingly innocuous apps

ESET reports a cyberespionage campaign (dubbed eXotic Visit) targeting a select group of Android users in Pakistan and India from November 2021 through the end of 2023. The malicious apps primarily pose as messaging services and are bundled with open-source XploitSPY malware. ESET describes the timeline, provides a technical analysis and IOC. Not enough evidence to attribute this activity to any known threat group. 🔗 https://www.welivesecurity.com/en/eset-research/exotic-visit-campaign-tracing-footprints-virtual-invaders/

#eXoticVisit #cyberespionage #threatintel #IOC #XploitSPY
