Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection

The Hacker News by The Hacker News
January 20, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Jan 20, 2025Ravie LakshmananAndroid / Malware

The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks.

The artifacts in question, named Tanzeem (meaning “organization” in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the user interface.

“Although the app is supposed to function as a chat application, it does not work once installed, shutting down after the necessary permissions are granted,” Cyfirma noted in a Friday analysis. “The app’s name suggests that it is designed to target specific individuals or groups both inside and outside the country.”

DoNot Team, also tracked as APT-C-35, Origami Elephant, SECTOR02, and Viceroy Tiger, is a hacking group believed to be of Indian origin, with historical attacks leveraging spear-phishing emails and Android malware families to gather information of interest.

In October 2023, the threat actor was linked to a previously undocumented .NET-based backdoor called Firebird targeting a handful of victims in Pakistan and Afghanistan.

Cybersecurity

It’s currently not clear who the exact targets of the latest malware were, although it’s suspected that they were used against specific individuals with the aim of collecting intelligence gathering against internal threats.

A notable aspect of the malicious Android app is the use of OneSignal, a popular customer engagement platform used by organizations to send push notifications, in-app messages, emails, and SMS messages. Cyfirma theorized that the library is being abused to send notifications containing phishing links that lead to malware deployment.

Regardless of the distribution mechanism used, the app displays a fake chat screen upon installation and urges the victim to click a button named “Start Chat.” Doing so triggers a message that instructs the user to grpermissionions to the accessibility services API, thus allowing it to perform various nefarious actions.

The app also requests access to several sensitive permissions that facilitate the collection of call logs, contacts, SMS messages, precise locations, account information, and files present in external storage. Some of the other features include capturing screen recordings and establishing connections to a command-and-control (C2) server.

“The collected samples reveal a new tactic involving push notifications that encourage users to install additional Android malware, ensuring the persistence of the malware on the device,” Cyfirma said.

“This tactic enhances the malware’s ability to remain active on the targeted device, indicating the threat group’s evolving intentions to continue participating in intelligence gathering for national interests.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Power International Holding (PIH) closes a landmark transaction to finance the acquisition of 100% of Mobile Telecom – Service LLP (MTS) from Kazakhtelecom JSC

Power International Holding (PIH) closes a landmark transaction to finance the acquisition of 100% of Mobile Telecom - Service LLP (MTS) from Kazakhtelecom JSC

Recommended.

Meta Is Charging a Subscription for Smart Glasses Features. Welcome to the New Era of Consumer Tech

Meta Is Charging a Subscription for Smart Glasses Features. Welcome to the New Era of Consumer Tech

July 2, 2026
Morgan Stanley tops estimates as trading revenue exceeds expectations by nearly  billion

Morgan Stanley tops estimates as trading revenue exceeds expectations by nearly $1 billion

April 15, 2026

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio