Table of Contents

Middle East Android Users Targeted by APT-C-23’s New Variant Of Spyware
Security /

Middle East Android Users Targeted by APT-C-23’s New Variant Of Spyware

Don’t fall for generic app icons and words like App Updates!

Discovered by Qihoo Technology in March 2017, the Two-tailed Scorpion, popularly known as the APT-C-23 threat group, surfaces again. The cyber mercenaries group targets victims of Middle East users and uses both Windows and Android components for its operations. A recent report from security researchers suggests that APT-C- 23 targets Android users with a new variant that boasts enhanced search capabilities and persistence features.

How Dangerous Is The New Malware Strain?

Unlike the other variants released so far, the new strain camouflages behind app icons. like Chrome, YouTube, Google Play, or the BOTIM voice-over-IP service. Moreover, the vulnerability of relying on a single C2 domain is fixed in the new variant. Now, the malware can switch to a C2 server with a different domain allowing spyware to continue operation even after the domain is taken down.

  • When the user accessed the corrupt app icon, a genuine version of the app is executed in the background while performing surveillance.
  • The new variant shares code with other malware samples linked with APT-C-23.
  • Arabic language string was found in the code and some text is shown based on language settings on the victim’s phone.

Discoveries So Far

The spyware impersonates an updated app with a generic icon and words like System App Updates, App Updates, or Android Update Intelligence.

  • To target users, a download link is sent via text message. When the user falls for it and taps the link, the spyware app is downloaded and launched. After that, to control the phone, it asks for permission; once that’s granted, threat actors have full access to the device.
  • To enable required permissions, cybercriminals use social engineering, pretending that the permissions are vital for running the app.
  • Once the permissions are granted, spyware masks itself using the name and icon of a legitimate app. This makes differentiating between the genuine and fake app difficult.

Functionalities Implemented by APT-C-23 Malware

  • Gather call logs, SMS, contacts, documents, and images saved on the phone.
  • Records audio, including WhatsApp calls and incoming and outgoing calls.
  • Captures screen and records video of the screen
  • Takes pictures using the phone camera
  • Masquerading own icon
  • Reads notifications from social media and messaging platforms from WhatsApp, Telegram, Signal, Facebook, Facebook Messenger, or Signal
  • Bypassing notifications from built-in security apps (such as Samsung SecurityLogAgent, Huawei SystemManager, Android system apps, package Installer, and own notifications.

Also Read: Best Android Anti-Malware Apps

Is There Any Similarity To The Previous Version Of Spyware?

The new Android malware strain doesn’t leave any of the nasty features from previous versions behind. Alongside stealing data the spyware also collects text from SMS or other apps, call logs, images, and documents. It also reads notifications from social media and messaging apps; and cancels notifications from built-in security apps.

How to Stay Protected?

To stay protected from such threats, one should use a security application like Systweak Anti- Malware.  This security tool is designed with advanced algorithms to protect your smartphone and give it all-around protection. The virus database gets updated from time to time to give utmost security to users so that no new virus can infiltrate and its regular scans detect and shield every type of malicious content. The highlighted features of the security tool are as follows:

  1. Comes with Real-time protection
  2. Targets and removes malicious content, spyware, adware, trojans & other viruses
  3. Provides Web Protection while surfing online and protects you against visiting malicious and phishing sites.
  4. Boosts performance by offering all-around protection
  5. Daily/Weekly Schedule automated malware scans for regular security check-ups.

You can get it from the Google Play Store or can download it from the button below:


Click Here To Install Systweak Anti-Malware

In addition to this, they should also keep the following points in mind:

  • Be cautious of the apps that ask for sensitive permissions, like notification access, admin rights, superuser, or root access.
  • If after running the app for the first time, the app icon suddenly disappears be wary it is an indicator of an unwanted or malicious application.
  • Instead of relying on third-party apps or websites, always install mobile apps from trusted sources, such as Google Play. Update Android OS.
  • Remember there’s nothing called free lunch, there’s a price for everything. In the case of spyware, the only difference is that you don’t know what price you pay, but it is more than one can ask for.

Also Read: Does Factory Reset Help Remove Malware From Android?


To lure users, hackers are masquerading false apps and making users install them. To stay protected, users are suggested to use a security app like Systweak Anti-malware and always download apps from trusted sources. Furthermore, keeping Android OS updated via Android Settings and Google Play is a wise choice. This helps fix all known and unknown vulnerabilities that weakness smartphone security.

Releted Topics

Leave a Reply

Your email address will not be published. Required fields are marked *