Middle East Android Users Targeted by APT-C-23’s New Variant Of Spyware

Don’t fall for generic app icons and words like App Updates!

Discovered by Qihoo Technology in March 2017, the Two-tailed Scorpion, popularly known as the APT-C-23 threat group, has surfaced again. The cyber-mercenary group targets users in the Middle East and uses both Windows and Android components in its operations. A recent report from security researchers suggests that APT-C-23 is targeting Android users with a new variant that boasts enhanced search capabilities and persistence features.

How Dangerous Is The New Malware Strain?

Unlike the variants released so far, the new strain hides behind the icons of apps like Chrome, YouTube, Google Play, or the BOTIM voice-over-IP service. Moreover, the weakness of relying on a single C2 domain is fixed in the new variant: the malware can now switch to a C2 server on a different domain, allowing the spyware to keep operating even after a domain is taken down.

  • When the user taps the fake app icon, a genuine version of the app is launched while the spyware carries out surveillance in the background.
  • The new variant shares code with other malware samples linked with APT-C-23.
  • Arabic-language strings were found in the code, and some text is shown based on the language settings of the victim’s phone.

Discoveries So Far

The spyware impersonates an app update, with a generic icon and words like System App Updates, App Updates, or Android Update Intelligence.

  • To target users, a download link is sent via text message. When the user falls for it and taps the link, the spyware app is downloaded and launched. After that, to control the phone, it asks for permission; once that’s granted, threat actors have full access to the device.
  • To get the required permissions enabled, the cybercriminals use social engineering, pretending that the permissions are vital for running the app.
  • Once the permissions are granted, the spyware masks itself using the name and icon of a legitimate app. This makes it difficult to tell the genuine app from the fake one.

Functionalities Implemented by APT-C-23 Malware

  • Gathers call logs, SMS, contacts, documents, and images saved on the phone.
  • Records audio, including WhatsApp calls and incoming and outgoing calls.
  • Captures the screen and records video of the screen.
  • Takes pictures using the phone camera.
  • Masquerades its own icon.
  • Reads notifications from social media and messaging platforms such as WhatsApp, Telegram, Signal, Facebook, and Facebook Messenger.
  • Bypasses notifications from built-in security apps (such as Samsung SecurityLogAgent, Huawei SystemManager), Android system apps, the package installer, and its own notifications.
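A defender can turn the lures under "Discoveries So Far" and the capabilities listed above into a triage pass over an app inventory. The following is an added example, not code from the researchers' report; the inventory record format, the genuine package names, and the `com.example.*` packages are assumptions made for illustration.

```python
# Added example: flag inventory records that match the lures described in the article.
# The record format and the genuine package names below are assumptions; verify them
# against your own fleet before relying on the mapping.
P = "android.permission."
GENUINE = {  # display name (lower case) -> expected package name
    "chrome": "com.android.chrome",
    "youtube": "com.google.android.youtube",
    "google play": "com.android.vending",
    "botim": "im.thebot.messenger",
}
LURE_LABELS = {"system app updates", "app updates", "android update intelligence"}
TRUSTED_INSTALLERS = {"com.android.vending"}  # installed through Google Play
# Permissions behind the collection features listed in the article.
SURVEILLANCE = {P + n for n in ("READ_SMS", "READ_CALL_LOG", "READ_CONTACTS",
                                "RECORD_AUDIO", "CAMERA")}

def triage(app):
    """Return the reasons an inventory record deserves manual review."""
    reasons = []
    label = app["label"].strip().lower()
    # Preinstalled system apps have no installer, so they are not treated as sideloaded.
    sideloaded = (app.get("installer") not in TRUSTED_INSTALLERS
                  and not app.get("system", False))
    if label in LURE_LABELS and sideloaded:
        reasons.append("generic update label on a sideloaded app")
    expected = GENUINE.get(label)
    if expected and app["package"] != expected:
        reasons.append(f"label '{app['label']}' but package is not {expected}")
    hits = SURVEILLANCE & set(app.get("permissions", []))
    if reasons and len(hits) >= 3:  # only escalate apps that already look like a lure
        reasons.append("holds " + ", ".join(sorted(h[len(P):] for h in hits)))
    return reasons

def scan(inventory):
    """Map package name -> reasons, for records with at least one reason."""
    return {a["package"]: r for a in inventory if (r := triage(a))}

# Constructed sample inventory (not real device data).
SAMPLE = [
    {"label": "Chrome", "package": "com.android.chrome", "system": True,
     "installer": None, "permissions": [P + "CAMERA"]},
    {"label": "App Updates", "package": "com.example.updater", "installer": None,
     "permissions": [P + "READ_SMS", P + "READ_CALL_LOG", P + "RECORD_AUDIO", P + "CAMERA"]},
    {"label": "YouTube", "package": "com.example.player", "installer": None,
     "permissions": [P + "RECORD_AUDIO"]},
]

if __name__ == "__main__":
    for pkg, why in scan(SAMPLE).items():
        print(pkg, "->", "; ".join(why))
```

Hits are leads for manual review rather than verdicts: a legitimate sideloaded app can share a label, and the spyware can pick a label outside this list.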

Is There Any Similarity To The Previous Version Of Spyware?

The new Android malware strain keeps all of the nasty features of previous versions. Alongside stealing data, the spyware also collects text from SMS or other apps, call logs, images, and documents. It also reads notifications from social media and messaging apps, and cancels notifications from built-in security apps.

How to Stay Protected?

To stay protected from such threats, one should use a security application like Avast One. This security tool is designed with advanced algorithms to protect your smartphone and give it all-around protection. The virus database gets updated regularly to provide comprehensive and real-time protection to users so that no new virus can compromise your security and privacy. Using its regular scans, Avast One detects malicious content of every type and shields your device and data from it. The highlighted features of the security tool are as follows:

  1. Comes with real-time protection.
  2. Targets and removes malicious content, spyware, adware, trojans, and other viruses.
  3. Checks your network’s encryption and password strength, so that you don’t connect to a network that may put your security and privacy at risk.
  4. Hides your online activities so that no one can track your digital footprints.
  5. Cleans all the accumulated junk files to free up unnecessary occupied space and enhance speed.
  6. Boosts performance by killing apps you aren’t using.

To lure users, hackers disguise fake apps as legitimate ones and get users to install them. To stay protected, users are advised to use a security app like Avast One and to always download apps from trusted sources. Furthermore, keeping the Android OS updated via Android Settings and Google Play is a wise choice. This helps fix known and unknown vulnerabilities that weaken smartphone security.
