Hackers are going after singles in a new romance scam. A South Asian hacker group known as Confucius has been using social engineering and romance to steal data from victims. The group was found targeting military personnel, businessmen and others in South Asian countries.
According to security researchers at Trend Micro, who discovered the new campaign, Confucius' operations bear similarities to those of a cyberespionage group known as Patchwork or Dropping Elephant. According to earlier reports, the Confucius hacker group has been active since 2013.
“Are Patchwork and Confucius the same group? The commands in their backdoors do resemble each other. The config files have the same, customized structure, and both groups have infrastructure overlap,” the Trend Micro researchers said in a blog post. “However, we construe them to be different groups, possibly within the same community, with different objectives and modi operandi. While Patchwork may be more straightforward with its predominantly malware-based attacks, Confucius' can be inferred to be more nuanced, relying heavily on social engineering.”
The group developed customised fake chat apps for both Android and Windows, with built-in backdoor functionality, to steal victims' data. The backdoor-capable fake chat apps, called Simple Chat Point, Secret Chat Point and Tweety Chat, were used by the hackers not only to steal messages but also to gain remote control of victims' devices.
According to the Trend Micro researchers, the backdoor-capable fake Android chat apps can steal SMS messages, accounts, contacts and files, and even record audio. The researchers also found that Tweety Chat's Android version was capable of muting a victim's device, as well as syncing call logs and SMS messages.
Additionally, the researchers found that Confucius flagged systems related to security researchers, likely in an effort to evade detection.
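A practitioner vetting a sideloaded "chat" app will want a quick way to check whether it asks for the permissions that grant the capabilities listed above (SMS, accounts, contacts, files, audio recording, call logs). The following script is an added example, not Trend Micro's tooling or any code from the apps described; the Android permission names are standard, but the mapping from permission to capability and the sample manifest are constructed for illustration. It parses an AndroidManifest.xml and reports which of those capabilities the requested permissions would enable:

```python
"""Triage an Android manifest for the data-theft capabilities attributed to the
fake chat apps (SMS, accounts, contacts, files, audio recording, call logs).

Added example; not Trend Micro's code and not code from the apps discussed.
The manifest below is constructed for illustration only.
"""
import xml.etree.ElementTree as ET

# Namespace used for android:* attributes in every AndroidManifest.xml.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capability named in the article -> standard Android permissions that grant it.
# The permission identifiers are real; this mapping is our own (assumption).
CAPABILITY_PERMISSIONS = {
    "steal SMS": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "steal accounts": {"android.permission.GET_ACCOUNTS"},
    "steal contacts": {"android.permission.READ_CONTACTS"},
    "steal files": {"android.permission.READ_EXTERNAL_STORAGE"},
    "record audio": {"android.permission.RECORD_AUDIO"},
    "sync call logs": {"android.permission.READ_CALL_LOG"},
}

# Constructed sample manifest for a hypothetical chat app (not a real package).
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chatpoint">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.GET_ACCOUNTS"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <application android:label="Chat Point"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> set:
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name")
        if name:
            names.add(name)
    return names


def spyware_capabilities(manifest_xml: str) -> dict:
    """Map each article-listed capability to the requested permissions enabling it."""
    perms = requested_permissions(manifest_xml)
    found = {}
    for capability, needed in CAPABILITY_PERMISSIONS.items():
        hit = perms & needed
        if hit:
            found[capability] = hit
    return found


def triage(manifest_xml: str, threshold: int = 3):
    """Flag the app when it can do at least `threshold` of the listed things.

    The threshold is a heuristic chosen here (assumption): a legitimate messenger
    may reasonably want contacts and audio, but SMS plus call logs plus storage
    on top of that is the profile the article describes.
    """
    caps = spyware_capabilities(manifest_xml)
    return len(caps) >= threshold, caps


if __name__ == "__main__":
    suspicious, caps = triage(SAMPLE_MANIFEST)
    for capability, perms in sorted(caps.items()):
        print(f"{capability}: {', '.join(sorted(perms))}")
    print("suspicious:", suspicious)
```

Permissions alone do not prove malice: a legitimate messenger may legitimately ask for contacts and the microphone for voice messages. The signal here is the combination, particularly SMS and call-log access in an app whose only advertised purpose is chat, and the manifest check is a triage step that should be followed by dynamic analysis of what the app actually does with the data.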
“Confucius' operations include deploying bespoke backdoors and stealing files from their victim's systems with tailored file stealers, some of which bore resemblances to Patchwork's. The stolen files are then exfiltrated by abusing a cloud storage service. Some of these file stealers specifically target files from USB devices, probably to overcome air-gapped environments,” the Trend Micro researchers said. “At the time of research, there were around 60 victims whose data had been uploaded to a Confucius-owned cloud storage account. There were also a few thousand files in the account that were later deleted.”