Researchers uncover espionage targeting users via fake apps

Researchers tracked activity in the eXotic Visit campaign from November 2021 to the end of 2023.

New Delhi:

Researchers have discovered an active eXotic Visit campaign targeting Android users via a dedicated website and disinformation app distributed through Google Play, a new report said on Wednesday.

According to ESET Research, the campaign appears to be targeting some Android users in India and Pakistan.

Researchers tracked the eXotic Visit campaign from November 2021 to the end of 2023.

While the downloaded apps provide legitimate functionality, they are bundled with the open source XploitSPY malware.

“Applications containing XploitSPY can extract contact lists and files, the device’s GPS location, and file names listed in specific directories related to the camera, downloads, and various messaging applications such as Telegram and WhatsApp,” the researchers said.

“The malware also uses native libraries, which are commonly used in Android app development to improve performance and access system functionality. However, in this case, the library is used to hide sensitive information, such as the address of the C&C server, making it harder for security tools to analyze applications,” they added.

Apps such as Dink Messenger, Sim Info and Defcom have been removed from Google Play.

The report also identified ten additional applications containing XploitSPY-based code and shared its findings with Google. The apps were subsequently removed from the store.

Overall, about 380 victims downloaded the apps from the website and Google Play store and created accounts to use their messaging features, the report said.


(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)
