Saturday, 19 July 2025
27.5 C
Singapore
29.7 C
Thailand
16 C
Indonesia
28.3 C
Philippines

Sophisticated spyware AridSpy targets Middle East in new malware campaign

ESET reveals new malware campaigns involving AridSpy, orchestrated by Arid Viper to target Android users in the Middle East, employing sophisticated espionage tactics.

ESET Research has recently revealed the existence of a sophisticated piece of Android malware, known as AridSpy, which is being distributed through five disguised websites. This malware is linked to the well-known cyberespionage group Arid Viper, also referred to as APT-C-23, Desert Falcons, or Two-tailed Scorpion, which has a history of targeting the Middle East.

Unveiling AridSpy

AridSpy has been detected in both Palestine and Egypt and is attributed, with medium confidence, to the Arid Viper APT group. This malware takes the form of a Trojan that is controlled remotely, with capabilities that focus on the espionage of user data. It can spy on messaging apps and extract content from the device, among other functionalities. It is typically bundled into applications that offer genuine services, making it even more deceptive.

How AridSpy infiltrates and operates

The campaigns involving AridSpy began in 2022 and include the distribution of multistage Android spyware, which ESET has named AridSpy. The malware downloads first- and second-stage payloads from its Command & Control (C&C) server, helping it to avoid detection. These payloads are spread through dedicated websites that impersonate various messaging apps, a job opportunity app, and a Palestinian Civil Registry app. Often, these are existing applications that have been compromised by the addition of AridSpy’s malicious code.

“In order to gain initial access to the device, the threat actors try to convince their potential victim to install a fake, but functional, app. Once the target clicks the site’s download button, myScript.js, hosted on the same server, is executed to generate the correct download path for the malicious file,” explains ESET researcher Lukáš Å tefanko, who discovered AridSpy.

The extent of AridSpy’s espionage capabilities

AridSpy is not just sophisticated in its disguise but also in its functionality. It is designed to avoid detection by network monitoring tools and can deactivate itself based on its coded instructions. The data exfiltration process is either triggered by a command received from the Firebase C&C server or when a predefined event occurs. Such events might include changes in internet connectivity, the installation or uninstallation of an app, phone calls made or received, SMS messages sent or received, connecting or disconnecting a battery charger, or the device rebooting.

If any of these events occur, AridSpy begins to gather a wide range of victim data and uploads it to the exfiltration C&C server. This includes the device location, contact lists, call logs, text messages, thumbnails of photos and videos, recorded phone calls and surrounding audio, photos taken by the malware, WhatsApp databases containing exchanged messages and user contacts, bookmarks and search history from the default browser and Chrome, Samsung Browser, and Firefox if installed, files from external storage, and all received notifications, among others.

This ongoing investigation into AridSpy by ESET underscores the persistent threats posed by cybercriminal groups and the critical importance of cautious software installation practices, especially from non-official sources.

Hot this week

OpenAI’s new ChatGPT Agent can now complete real-world tasks for you

ChatGPT Agent from OpenAI helps you book, plan, and generate reports with ease, bringing AI task completion into your daily life.

Samsung, Google, and Qualcomm share their vision for where mobile AI is heading

Samsung, Google, and Qualcomm share how mobile AI will become more helpful, personal, and invisible in your everyday life.

Sony unveils RX1R III full-frame camera with AI enhancements and eco-friendly design

Sony launches RX1R III full-frame camera with AI autofocus, Creative Looks, and eco-friendly packaging for advanced image quality and usability.

Juniper Networks: Southeast Asia accelerates shift towards AI-native self-driving networks

AI-native networking is helping Southeast Asian enterprises move from reactive IT to proactive innovation, improving scale, efficiency, and service.

Microsoft’s Copilot Vision AI can now view your entire screen

Microsoft’s Copilot Vision now sees your entire screen, offering live help and insights through desktop or mobile in real-time.

SoftBank plans a billion AI agents to boost workers like ‘thousand-armed deities’

SoftBank aims to launch a billion self-replicating AI agents by year-end to boost productivity, but concerns about job displacement remain.

City Energy makes EV charging app-free in Singapore and Malaysia

AutoCharge by City Energy allows you to charge your EV in Singapore and Malaysia without needing an app – plug in and start.

Tecno unveils Phantom Ultimate G Fold – a tri-fold Android phone like no other

Tecno unveils the Phantom Ultimate G Fold, a tri-fold concept Android phone set to debut at MWC 2026, featuring a slim design and full display.

iPhone 17 Pro may feature a new scratch-resistant, anti-reflective display

iPhone 17 Pro may debut with an anti-reflective, scratch-resistant display, joining Apple’s premium iPad and Mac screens.

Related Articles

Popular Categories