Spyware Targeting Urdu Speakers in Kashmir Spread Through Infected News Site on Android Devices

    Hackers are targetting Urdu speakers using spyware delivered through an infected popular news site. Cybersecurity researchers from ESET discovered a brand of Android spyware, Kamran, distributed via a compromised news website, Hunza News. This spyware specifically targets Urdu-speaking residents of Gilgit-Baltistan in the disputed Kashmir region administered by Pakistan.

    Lukáš Štefanko, a researcher at ESET, highlights that Kamran spyware is unique. It stands apart from other Android spyware, making linking it to any known advanced persistent threat (APT) group challenging. The spyware allows hackers to access a victim’s contacts, calendar, call logs, location, device files, SMS messages, and images.

    Hunza News, a regional news website, covers Gilgit-Baltistan, a region with territorial disputes involving India, Pakistan, and China. ESET found that visitors to the Urdu version of the site on mobile devices received prompts to download the “Hunza News Android app” directly from the website. This app was infected with Kamran spyware. While it displays content from the Hunza News site, it asks users for extensive device permissions. The app then uploads the stolen data to a server.

    Despite ESET’s notification, Hunza News did not respond to the issue. The news outlet, operational since 2013, began offering its Android app through the Google Play Store in 2015. The researchers noted that the malicious app is unavailable through the Google Play Store and requires downloading from an “Unknown” source.

    ESET identified at least 22 compromised smartphones, with five in Pakistan. The appearance of the malicious app on the website between January 7 and March 21 coincided with local protests in Gilgit-Baltistan.

    Latest articles

    Related articles