Cyber-mercenary group Bahamut strikes again
Published: November 28, 2022

Cyber-mercenary group Bahamut strikes again
Cyber-mercenary group Bahamut strikes again

Cyber-mercenary group Bahamut strikes again.

An infamous cyber-mercenary group is injecting Android devices with a spyware to steal users' conversations, new ESET research has found. 

These malware attacks are launched via fake Android VPN apps, with evidence suggesting the hackers employed malicious versions of SecureVPN, SoftVPN and OpenVPN software. 

Known as Bahamut ATP, the group is thought to be a service for hire that typically launches attacks through spear phishing messages and fake applications. According to previous reports, its hackers have been targeting both organizations and individuals across the Middle East and South Asia since 2016. 

Estimated to have begun in January 2022, ESET researchers believe that the group's campaign of distributing malicious VPNs currently remains ongoing. 

"The campaign appears to be highly targeted, as we see no instances in our telemetry data," said Lukáš Štefanko, the ESET researcher who first discovered the malware. 

"Additionally, the app requests an activation key before the VPN and spyware functionality can be enabled. Both the activation key and website link are likely sent to targeted users."

Štefanko explains that, once the app is activated, Bahamut hackers can remotely control the spyware. This means that they are able to infiltrate and harvest a ton of users' sensitive data.

"The data exfiltration is done via the keylogging functionality of the malware, which misuses accessibility services," he said.

From SMS messages, call logs, device locations and any other details, to even encrypted messaging apps like WhatsApp, Telegram or Signal, these cybercriminals can spy on virtually anything they found on victims' devices without them knowing it. 

ESET identified at least eight versions of these trojanaized VPN services, meaning that the campaign is well-maintained. 

It is worth noting that in no instance was malicious software associated with the legitimate service, and none of the malware-infected apps were promoted on Google Play. 

The initial distribution vector is still unknown, though. Looking back at how Bahamut ATP usually works, a malicious link could have been sent via email, social media or SMS. 

Despite still being not clear who's behind, the Bahamut ATP seems to be a collective of mercenary hackers as their attacks don't really follow a specific political interest.

Bahamut has been prolifically conducting cyberespionage campaigns since 2016, mainly across the Middle East and South Asia. 

The investigative journalism group Bellingcat was the one first exposing their operations in 2017, describing how both international and regional powers actively engaged in such surveillance operations. 

"Bahamut is therefore notable as a vision of the future where modern communications has lowered barriers for smaller countries to conduct effective surveillance on domestic dissidents and to extend themselves beyond their borders," concluded Bellingcat at the time.  

The group was then renamed Bahamut, after the giant fish floating in the Arabian Sea described in Jorge Luis Borges’ Book of Imaginary Beings.  

More recently, another investigation highlighted how the Advanced Persistent Threat (APT) group is increasingly turning on mobile devices as a main target. 

Cybersecurity firm Cyble first spotted this new trend last April, noting that the Bahamut group "plans their attack on the target, stays in the wild for a while, allows their attack to affect many individuals and organizations, and finally steals their data."


Customer Reviews:

We all have been VERY pleased with Adrian's vigila
We all have been VERY pleased with Adrian's vigilance in monitoring the website and his quick and successful repairs. Evan was also very helpful in solving all of my hacking problems. So in all aspects of the Computer Geeks we are very glad we are working with you.
Kenneth Bruscia PhD
Published:
Kenneth Bruscia PhD
[email protected]
FIVE STARS + It's true, this is the place to go fo
FIVE STARS + It's true, this is the place to go for your web site needs. In my case, Justin fixed my problem immediately. It's such a comfort to know that I can reply on these people for any and all my web needs. You will not find a better team anywhere.
Paul Adler
Published:
Paul Adler
[email protected]
We reached out to Rich and his team at Computer Ge
We reached out to Rich and his team at Computer Geek in July 2021. We were in desperate need of help because our former website design agency left us hanging with major website issues that needed immediate attention. Rich and his team were extremely helpful and quick to come to our rescue! They have helped us with numerous projects that have helped our SEO. Our sales have increased 30% since coming to Computer Geek. We've been working with them for about nine months now and are very pleased with their response time and helpful manner. Rich has proven himself to be trustworthy and dependable. We feel valued as a customer and look forward to continuing a relationship with Computer Geek.
Leigh Hutchens
Published:
Leigh Hutchens
[email protected]
Just to say thank you for all the hard work. I can
Just to say thank you for all the hard work. I can't express enough how great it's been to send projects and they get done. Beyond that, your ability to work with three different folks in a personable way really has been a game changer for us. The improvements to our business because of your hard work have been significant.
Curtis Williams
Published:
Curtis Williams
[email protected]
I would certainly like to recommend that anyone pu
I would certainly like to recommend that anyone pursing maintenance for a website to contact The Computer Geek. I have been using another company to do some maintenance on my site with moderate success. There were issues that were evidently beyond what could be handled by them. However, the professionals at The Computer Geek had them addressed and rectified in no time at all. The Computer Geek approached all of my requests focusing on my goals and the needed performance. Then, once versed, presented me with a very reasonable price. Once the projects were in motion, I found that the tasks were achieved before I expected, with professional results. Also, in one instance where The Computer Geeks brought an issue to my attention that I would have likely overlooked. This was accompanied by a recommendation on how to solve the issue. Overall The Computer Geeks exceeded my expectations!
David Pappas
Published:
David Pappas
[email protected]
I have a important website dedicated to the local
I have a important website dedicated to the local high school going back nearly 100 years. It was suddenly infected with a virus. Rich at Computer Geek fixed it within an hour. I cannot recommend him enough. I hope it's not for a long time, but the next time I need help, Rich is who I'm gonna call.
Eric Williams
Published:
Eric Williams
[email protected]
WOW! I have been wracking my brain for the past 30
WOW! I have been wracking my brain for the past 30 days trying to figure out who was hosting my company's website the domain owner, etc. Yesterday, when I googled for help and I clicked on the link to computer-geek.net and picked up the phone and called them. Rich answered and from there it was smooth sailing!
Rhonda Harding
Published:
Rhonda Harding
[email protected]
A note to let you know how much I appreciate your
A note to let you know how much I appreciate your team's work. Justin is on top of quickly solving any issues, making changes, reliable. Finding you was one of the luckiest days of my 74 years. I'd be honored if you'd add me to your list of references. And please stay healthy and in business. I got enough headaches from other folks.
Dan Cutrer
Published:
Dan Cutrer
[email protected]
We discovered an issue with our Oscommerce cart pr
We discovered an issue with our Oscommerce cart processing images. It is about 14 years old and heavily modified. Looking on google for some expert help I found Rich and reached out to him. We received a response the same day. The next day his team was working on our issue and was able to solve it within a few hours. Price was reasonable and we are very appreciative to find a competent and professional oscommerce expert to help successfully troubleshoot our issue.
Phillip Sirota
Published:
Phillip Sirota
[email protected]
I'm very new to the whole idea of having a website
I'm very new to the whole idea of having a website / blog. I used Bluehost.com and WordPress.org to create Thepredatorhunter.com and then managed to wreck it. On a Sunday morning I opened chat box with Rich and within a few hours everything was fantastic! This isn't just a company for big biz, if your new and small, The Computer Geek can help you out. In trouble? Stop fretting and start typing in the chat box. You will be glad you did!
Dennis Gilmore
Published:
Dennis Gilmore
[email protected]
[Read More Testimonials Here]

Latest Website Related Articles

YouTube's Go Live Together lets you co-host a live stream

Published: February 5, 2023
YouTube's Go Live Together lets you co-host a live stream. YouTube is rolling out a brand new collaboration feature allowing two people to livestream at the same time – the aptly named Go Live Together. The way it works is one creator...[Read More]

 

Twitter Shares Ad Revenue with Creators for Ads Appearing in Reply Threads

Published: February 4, 2023
Twitter has begun sharing ad revenue with content creators for ads that appear in their reply threads. The new program is only available to creators with Twitter Blue subscription. New Twitter owner Elon Musk has announced that starting Friday, th...[Read More]

 


Here are some links to related topics:
 zen cart support,   best link building company,   get backlinks,   cloudhosted hacked,   pure host hacked,   verio hacked,  


Auto Helpers: Auto Helpers
Site Secured By The Website Guardian