A new type of Android spyware is targeting users searching for military and government security jobs in Saudi Arabia, Intel reports. The spyware poses as a chat app available for download on the ksa-sef[.]com portal. The chat app is not visibly mentioned on the website.
Once installed, the app hides its icon but continues to run in the background. It steals, and takes screenshots of, the victims’ personal information such as contact lists, SMS messages, voice calls, call history, browser history and device information. Device and user information is then sent to the hacker’s server. The app could also forward phone calls to another number.
Researchers claim the quality of the code is poor. Along with signs of negligence, such as the use of an open-source feature from GitHub and an automated message entitled “new victim,” this shows the hacker was a script kiddie.
Intel analysts don’t know whether the app only targets people seeking government and military jobs or whether other industries are also exposed. As the location receiving the stolen data is the same as the location of the website, the app may have been created specifically for spying on government personnel.
Following significant growth in mobile malware, spyware may also be a threat to Saudi Arabian national security, Intel says.