Beware of The Sandstrike Malware on Unreliable VPNs - FastVPN
Kaspersky Lab reported that Android users are being targeted by malware called Sandstrike. There is no irony in the name. The malware steals victim data without being detected. Kaspersky Lab says that it is still investigating those behind the Sandstrike malware attack.
What Is Sandstrike Malware
Hackers made Sandstrike malware to steal personal data from Android users. The malware is attached to a VPN app. When Android users download it, the VPN encrypts the users’ connection. In this way, it hides what users do on the internet from everybody, including law enforcement. And it does not end there…
After the malware hides user data, the hackers gather their victims in the digital world. They use social media channels to spread Telegram channel links. To gain trust, they have increased the number of followers of the accounts. The social media accounts carry religious posts. Using these accounts as a cover, the hackers direct users to the Telegram channel, where they distribute malicious links.
When the users click the links, their personal data starts being stolen. It is just like a snake moving under the sand, isn’t it?
How Do They Market Their App?
The hackers use religion. They promote the malicious VPN as a way to worship freely. The victims believe the VPN is a tool to unblock religious websites and applications. The app users trust the links and click them. They see results too. While they are enjoying the content, Sandstrike malware steals all the valuable data.
“Today it is easy to distribute malware via social networks and remain undetected for several months or even more. This is why it is so important to be as alert as ever and make sure you are armed with threat intelligence and the right tools to protect from existing and emerging threats,” Chebyshev said.
The VPN Hides How Sandstrike Malware Steals Data From App Users
There is a tricky part here. The hackers use the VPN to hide how they steal data. This might be the biggest reason why the investigations haven’t revealed the hackers yet. Let’s see how they hide the data.
When a user starts using the VPN app, they lead the user to a social media account
On the social media account there is a Telegram Channel link
On the Telegram Channel, there are links to hosts that steal data
When the user clicks the link, the activities on the internet are encrypted by the VPN
Through this encrypted tunnel, the malware steals personal data including call logs and contact list
So, the hackers steal the victim's personal data untraceably.
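A defender-side check suggested by the behaviour described above, added here as an example and not taken from Kaspersky or from this article: it audits a decoded AndroidManifest.xml and flags an app that ships a VPN service while also requesting the permissions that guard call logs and contacts. The manifests and package names are constructed, and it assumes the spyware reads this data through the standard Android permissions.

```python
import xml.etree.ElementTree as ET

A = "{http://schemas.android.com/apk/res/android}"  # android: attribute namespace
# Permissions guarding the data the article says is stolen; a VPN tunnel needs neither.
SENSITIVE = {"android.permission.READ_CALL_LOG", "android.permission.READ_CONTACTS"}

def declares_vpn_service(root):
    """True if a <service> is protected by BIND_VPN_SERVICE or handles android.net.VpnService."""
    for svc in root.iter("service"):
        if svc.get(A + "permission") == "android.permission.BIND_VPN_SERVICE":
            return True
        if any(a.get(A + "name") == "android.net.VpnService" for a in svc.iter("action")):
            return True
    return False

def audit_manifest(xml_text):
    """Flag call-log/contacts permissions requested by an app that also ships a VPN service."""
    root = ET.fromstring(xml_text.strip())
    requested = {p.get(A + "name") for tag in ("uses-permission", "uses-permission-sdk-23")
                 for p in root.iter(tag)}
    is_vpn = declares_vpn_service(root)
    return {"package": root.get("package"), "is_vpn": is_vpn,
            "flagged": sorted(requested & SENSITIVE) if is_vpn else []}

# Constructed manifests in decoded (plain XML) form; package names are made up.
MANIFEST_HEAD = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'
VPN_SERVICE = '''
  <application>
    <service android:name=".Tunnel" android:permission="android.permission.BIND_VPN_SERVICE">
      <intent-filter><action android:name="android.net.VpnService"/></intent-filter>
    </service>
  </application>
</manifest>'''
SUSPICIOUS_VPN = (MANIFEST_HEAD % "com.example.constructed.freevpn") + '''
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>''' + VPN_SERVICE
PLAIN_VPN = (MANIFEST_HEAD % "com.example.constructed.plainvpn") + '''
  <uses-permission android:name="android.permission.INTERNET"/>''' + VPN_SERVICE

if __name__ == "__main__":
    for name, xml_text in (("suspicious", SUSPICIOUS_VPN), ("plain", PLAIN_VPN)):
        print(name, audit_manifest(xml_text))
```

A flagged result is a reason to look closer, not proof of spyware: some legitimate apps bundle a VPN with other features that need these permissions.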
Kaspersky’s Comment On This Malware
Kaspersky’s lead security researcher, Victor Chebyshev, claimed that “In their attacks, they use cunning and unexpected methods: SandStrike, attacking users via a VPN service, where victims tried to find protection and security, is an excellent example.”
“The VPN client contains fully-functioning spyware with capabilities allowing threat actors to collect and steal sensitive data, including call logs, contact lists, and also track any further activities of persecuted individuals,” Kaspersky said.