They disguise themselves as fake VPN services and spy on you
ESET was able to identify at least 8 versions of these malware-infected apps, with code changes and updates made available through the website used to distribute them. Once the Bahamut spyware is enabled, its operators can control it remotely and exfiltrate various sensitive data from the device, as mentioned above.
The fake VPN apps are not in the Google Play app store. To increase their reach, the hackers created a fake SecureVPN website to distribute their malicious applications and attract new victims.
ESET considers the campaign tailor-made for certain victims rather than aimed at everyone indiscriminately. Victims of the attack must receive an activation key. The software is not going to run on random users’ devices; it is initially targeting specific people. The operators are after confidential user data and want to spy on messaging apps such as Telegram, WhatsApp, Signal, Viber and Facebook Messenger.
As stated by ESET researcher Lukas Stefanko, the data is exfiltrated through the malware’s keylogging functionality, which misuses accessibility services. All the extracted data is stored in a local database and later sent to the command and control (C&C) server. In addition, the app can be updated by receiving a link to a new version from the C&C server.
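Because the keylogging described above depends on an accessibility service and the apps are installed from outside Google Play, one practical check is to list third-party apps that hold an enabled accessibility service but were not installed by the Play Store. The script below is an added example, not code from ESET or from the original article; the package names and sample outputs are constructed, and treating Google Play as the only trusted installer is an assumption.

```python
import re

# Assumption: only Google Play counts as a trusted installer on this device.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_accessibility(raw):
    """Packages from `adb shell settings get secure enabled_accessibility_services`.
    The value is a colon-separated list of package/ServiceClass, or "null"."""
    raw = raw.strip()
    if not raw or raw == "null":
        return set()
    return {comp.split("/", 1)[0] for comp in raw.split(":") if comp}

def parse_installers(raw):
    """Map package -> installer from `adb shell pm list packages -i -3`.
    -3 limits the list to third-party apps, so preinstalled services are skipped."""
    installers = {}
    for line in raw.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            installers[m.group(1)] = m.group(2)
    return installers

def sideloaded_accessibility_apps(acc_raw, pm_raw):
    """Third-party apps with an enabled accessibility service and an untrusted installer."""
    installers = parse_installers(pm_raw)
    return sorted(
        (pkg, installers[pkg])
        for pkg in parse_accessibility(acc_raw)
        if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS
    )

# Constructed sample outputs (not captured from a real device).
SAMPLE_ACC = (
    "com.google.android.marvin.talkback/"
    "com.google.android.marvin.talkback.TalkBackService:"
    "com.example.fakevpn/.KeyService:"
    "com.example.pwmanager/com.example.pwmanager.A11yService"
)
SAMPLE_PM = """\
package:com.example.fakevpn  installer=null
package:com.example.pwmanager  installer=com.android.vending
package:com.example.game  installer=null
"""

if __name__ == "__main__":
    for pkg, installer in sideloaded_accessibility_apps(SAMPLE_ACC, SAMPLE_PM):
        print(f"REVIEW: {pkg} has an accessibility service, installer={installer}")
```

A flagged package is a prompt for manual review, not proof of infection: legitimately sideloaded accessibility tools will also appear.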
Do not install apps from untrusted sites
Although in this case the infection happens by visiting this website and downloading one of the infected apps, it is worth taking extreme precautions whenever you use your mobile. It is important not to download apps from untrusted sources, since your mobile can be infected by a Trojan, virus or miner, with all the consequences that entails, sometimes without you even knowing that your data or your mobile are in danger.
If you are going to install a VPN service to ‘change your region’, maintain your privacy or for any other common use of this type of service, check that the domain is the official one for the service and do not install it from any other site. If you are not completely sure, don’t install anything. It is also a good idea to have an antivirus on your mobile and to check that you are not installing anything that could harm you. If you have installed a malicious app, uninstall it immediately to prevent it from affecting you further.