← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Arid Viper poisons Android apps with AridSpy
WHITE AridViper AlienVault 2024-06-14 Modified: 2024-07-14
45
IOCs
MEDIUM VOLUME
ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its command-and-control server to avoid detection and exfiltrates sensitive information like contacts, messages, locations, and media files.
aridspyandroidspywareexfiltrationespionage
MITRE ATT&CK & Malware Families
MALWARE FAMILIES
AridSpy
Indicators of Compromise (5 / 45 total)
All domain hostname FileHash-MD5 FileHash-SHA1 FileHash-SHA256
TYPEINDICATORDESCRIPTIONCREATED
FileHash-SHA256 0cb41557841ff6f314c398250a165706e0b18f93674a7c12f4489018a1661673 SHA256 of 797073511a15eb85c1e9d8584b26baa3a0b14c9e 2024-06-14
FileHash-SHA256 19df327e7c0ffe8bd883f044c3906424cefe893d50a0d5386e8445668d2dd1e4 SHA256 of b806b89b8c44f46748888c1f8c3f05df2387df19 2024-06-14
FileHash-SHA256 a4e74f74e675a08fdf8e0b55d5da59af8f1c67a2820c97ba6c6790b29589663d SHA256 of 8ff57dc85a7732e4a9d144f20b68e5bc9e581300 2024-06-14
FileHash-SHA256 d6140ef329f2a8f141a05055b1d583a40dc9f5b26b00c63c72c7ebd82fa3c7ec SHA256 of 568e62abc0948691d67236d9290d68de34bd6c75 2024-06-14
FileHash-SHA256 f4ddfd426440829bcbbbe789cb0c18fa3a23798eb5643f1c88b7986390b3d648 SHA256 of a934fb482f61d85dda5e52a7015f1699bf55b5a9 2024-06-14
References (1)
↗ https://www.welivesecurity.com/en/eset-research/arid-viper-poisons-android-apps-with-aridspy/