PULSE NAME
Bahamut cybermercenary group targets Android users with fake VPN apps | WeLiveSecurity
WHITE Bahamut CyberHunter_NL 2022-11-25 Modified: 2022-11-25
17 IOCs
MEDIUM VOLUME
ESET researchers have identified an active campaign by the Bahamut cybermercenary group, which targets Android users with fake VPN apps, and can extract sensitive data from their victims’ messaging apps.
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
Channel Bahamut Protocols Bahamut Messages Bahamut List Bahamut Data Bahamut Capture Bahamut Tracking Bahamut Keylogging Bahamut Scripts Bahamut SecureVPN SecureChat Discovery Bahamut Bahamut
Indicators of Compromise (2 / 17 total)
TYPE | INDICATOR | DESCRIPTION | CREATED
FileHash-MD5 | 20e66b734fa959145a8ef75d2e6cdffb | MD5 of 3144b187edf4309263ff0bcfd02c6542704145b1 | 2022-11-25
FileHash-MD5 | babbd2b9f9267b43cd8abf8e6bca5b10 | MD5 of 79bd0bdfdc3645531c6285c3eb7c24cd0d6b0faf | 2022-11-25