.webp "New Android Malware XploitSPY Attacks Indian Users Mimics Messaging Apps")
ESET researchers have unveiled a spy campaign called eXotic Visit. The campaign targets Android users by masquerading as benign messaging apps.
This campaign, active since late 2021, cleverly hides the open-source malware XploitSPY inside seemingly functional messaging services.
The primary victims of this sophisticated attack are located in India and Pakistan, which poses a significant threat to their digital security landscape.
The eXotic Visit campaign carefully distributed malicious Android apps through dedicated websites and, for a time, through the Google Play store.
Although these apps have been removed from the Google Play Store due to low install numbers and malicious nature, the threat still exists through other distribution channels.
Trustifi’s advanced threat protection prevents the widest range of sophisticated attacks before they reach a user’s mailbox. Stopping 99% of phishing attacks missed by other email security solutions. .
Try the free demo
The campaign’s focus on Android users in India and Pakistan highlights the targeted approach.
Around 380 victims have already been lured by the deceptive lure of the malware.
Technical complications of XploitSPY
XploitSPY, the malware at the heart of this campaign, features unique integration with the chat functionality of rogue messaging apps.
This integration is believed to be the work of the Virtual Invaders group, a moniker given by ESET researchers to the unidentified threat actors behind this campaign.
The malware uses a native library, commonly used in Android application development, to improve performance and access system features.
However, in this malevolent context, the library serves a more sinister purpose:
Hiding sensitive information such as Command and Control (C&C) server addresses.
This obfuscation tactic significantly complicates application analysis by security tools, making malware more elusive and dangerous.
The targeted nature of the eXotic Visit campaign, with its focus on Indian users, raises significant concerns about digital security in the region.
Messaging application spoofing—the foundation of digital communication—highlights the sophistication and deceptive capabilities of modern cyber threats.
Indian users, especially those who frequently download apps from sources outside of the Google Play Store, are at increased risk of falling victim to this spyware campaign.
Prevention and security measures
To protect themselves from threats like XploitSPY, users are advised to follow the following security measures:
- Download apps from trusted sources: Limit app downloads to official app stores, such as Google Play, with strict security checks.
- Be informed: Cyber threat awareness can help users identify and avoid potential dangers.
- Use security software: Installing reputable security software on Android devices can provide additional protection against malware.
- Check the app’s permissions: Be wary of apps that ask for unnecessary permissions, as this can be a sign of malicious intent.
The discovery of the exotic Visit campaign and the XploitSPY malware it propagates is a stark reminder of the evolution of cyber threats.
Users in India and around the world must remain vigilant and adopt strong security practices to protect their digital lives.
As the fight against cybercrime continues, being informed and prepared is our best defense.
Secure your emails in a heartbeat! To find your ideal email security vendor, Take a Free 30-Second Assessment.