A watering hole attack has been discovered on the Hunza News website, a regional news website in Pakistan that focuses on news about the Gilgit-Baltistan region. This attack specifically targets Urdu-speaking users in the region and utilizes a newly identified spyware called Kamran [10].

Description

The Kamran spyware [1] [2] [3] [4] [5] [6] [7] [8] [9] [10] is distributed through the Urdu version of the Hunza News app, which users are prompted to install when they access the website on their mobile devices. Kamran is a malicious app that tricks users into granting permissions to access various types of data, including contacts [3] [9], calendar events [2] [3] [9], call logs [1] [2] [3] [7] [9], location information [2] [10], device files [3], SMS messages [3] [9] [10], and images [3]. The app not only displays the content of the Hunza News website but also collects sensitive user data and uploads it to a command and control server [3]. The spyware was active on the website from January 7 to March 21, 2023 [10], coinciding with a period of protests in Gilgit-Baltistan [3] [10]. ESET researchers have identified 22 compromised smartphones [6], with five of them located in Pakistan [3] [6]. Kamran was not available on the Google Play Store and was downloaded from an unknown source [3] [6].
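The following added example, which is not from the cited reports or from ESET, shows how a defender could triage a decoded AndroidManifest.xml for the data categories listed above. The permission mapping, the threshold of three categories and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
# Assumption: the article names data types, not permissions; this maps each
# data type to the standard Android permissions that guard it.
CATEGORY_PERMISSIONS = {
    "contacts": {P + "READ_CONTACTS"},
    "calendar events": {P + "READ_CALENDAR"},
    "call logs": {P + "READ_CALL_LOG"},
    "location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
    "SMS messages": {P + "READ_SMS"},
    "files and images": {P + "READ_EXTERNAL_STORAGE", P + "READ_MEDIA_IMAGES",
                         P + "MANAGE_EXTERNAL_STORAGE"},
}

def requested_permissions(manifest_xml):
    """Return permission names declared in a decoded AndroidManifest.xml."""
    # A sideloaded app's manifest is untrusted input: refuse DTDs and entities.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("manifest contains a DTD; refusing to parse")
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def triage(manifest_xml, threshold=3):
    """Map permissions to data categories; flag at >= threshold (assumed)."""
    perms = requested_permissions(manifest_xml)
    hits = {cat: sorted(perms & wanted)
            for cat, wanted in CATEGORY_PERMISSIONS.items() if perms & wanted}
    return {"categories": hits, "flag": len(hits) >= threshold}

# Constructed sample manifest for a hypothetical news reader app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.newsreader">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CALENDAR"/>
</manifest>"""

if __name__ == "__main__":
    print(triage(SAMPLE_MANIFEST))
```

A flag here is a prompt for manual review, since a news reader has no functional need for SMS, call log or contact access; it is not proof that an app is malicious.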

Conclusion

The targeted approach of Kamran highlights the need for prompt action to protect affected users’ security and privacy [9], as it has the potential to harvest sensitive information [9], leading to privacy breaches and the misuse of personal content [9]. Victims may remain unaware of the spyware’s presence [9], increasing the risk of prolonged data exposure [9]. The attack has not been attributed to any known threat actor or group [1] [7] [8]. To mitigate such threats, ESET researcher Lukáš Štefanko emphasizes the importance of downloading apps only from trusted and official sources [3].

References

[1] https://pledgetimes.com/kamran-android-malware-discovered-from-the-middle-east/
[2] https://www.ncnonline.net/eset-research-android-malware-kamran-spying-via-news-app-on-residents-of-the-disputed-kashmir-region/
[3] https://www.cxotoday.com/press-release/eset-research-android-malware-kamran-spying-via-news-app-on-residents-of-the-disputed-kashmir-region/
[4] https://www.welivesecurity.com/en/eset-research/unlucky-kamran-android-malware-spying-urdu-speaking-residents-gilgit-baltistan/
[5] https://www.timesnownews.com/technology-science/kamran-spyware-the-malware-that-targets-urdu-speaking-android-users-in-disputed-kashmir-article-105119418
[6] https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-android-malware-kamran-spying-via-news-app-on-residents-of-the-disputed-kashmir-region/
[7] https://mrhacker.co/cyber-attack/stealthy-kamran-spyware-targeting-urdu-speaking-users-in-gilgit-baltistan
[8] https://thehackernews.com/2023/11/stealthy-kamran-spyware-targeting-urdu.html
[9] https://www.pcrisk.com/removal-guides/28259-kamran-spyware-android
[10] https://www.infosecurity-magazine.com/news/kamran-spyware-targets-urdu/