These espionage attacks were persistent and well-resourced campaigns undertaken by a hacking group tracked under the name Bitter APT, which targeted individuals in New Zealand, the UK, India, and Pakistan.
According to Meta's Quarterly Adversarial Threat Report, Bitter used several malicious tactics, centred on social engineering, to target people online and infect their devices with malware. They used a mix of link-shortening services, compromised websites, malicious domains, and third-party hosting providers to distribute their malware.
These attacks succeeded because the threat actors were able to create fictitious personas on the platform, posing as attractive young women. They then built trust with their targets and lured them into clicking a bogus link. Once a victim clicked the link, the malware was deployed.
There is an interesting twist to this story as well. The threat actors convinced their victims to download an iOS chat application through Apple TestFlight, which is a legitimate online service often used for beta-testing applications so app developers can receive valuable feedback.
Therefore, the hackers were not entirely reliant on exploitation to deliver this custom malware to targets. Distributing the app through an Apple service made it appear more legitimate. Clearly, this tactic worked: people were convinced, used Apple TestFlight, and installed the chat application.
Furthermore, the Bitter APT operators used a previously undocumented Android malware called Dracarys. This malware abuses the operating system's accessibility permissions to install apps, capture photos, record audio, harvest sensitive data, and more without the victim's knowledge.
Dracarys is delivered through trojanized dropper apps posing as WhatsApp, YouTube, Telegram, and similar software, and then continues deploying malware disguised as legitimate software to gain access to different mobile devices.
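The accessibility-permission abuse described above suggests a simple device-side check for defenders. The following Python is an added example, not code from the article or from Meta's report: it parses the value Android stores in the `enabled_accessibility_services` secure setting (as read with `adb shell settings get secure enabled_accessibility_services`) and flags any enabled service whose package is not on a hypothetical allowlist, noting when the package name merely extends that of a well-known app the droppers imitate. The sample setting string, the allowlist, and the look-alike package names are constructed.

```python
# Constructed sample of `adb shell settings get secure enabled_accessibility_services`
# output (not taken from the article): the system TalkBack service, an unknown
# package, and a package whose name extends the real Telegram package name.
SAMPLE_SETTING = (
    "com.google.android.marvin.talkback/com.google.android.marvin.talkback.TalkBackService:"
    "com.example.chat.update/.AccessHelperService:"
    "org.telegram.messenger.helper/.SyncService"
)

# Hypothetical allowlist of packages expected to hold accessibility access on a
# managed fleet; a real deployment would derive this from MDM inventory.
ALLOWED_PACKAGES = {"com.google.android.marvin.talkback"}

# Real package names of the apps the article says Dracarys droppers imitate.
IMPERSONATED_PREFIXES = (
    "com.whatsapp",
    "org.telegram.messenger",
    "com.google.android.youtube",
)


def parse_services(setting: str) -> list[tuple[str, str]]:
    """Split the colon-separated ComponentName list into (package, class) pairs.
    A class beginning with '.' is Android's short form relative to the package."""
    pairs = []
    for entry in filter(None, setting.strip().split(":")):
        pkg, _, cls = entry.partition("/")
        if cls.startswith("."):
            cls = pkg + cls
        pairs.append((pkg, cls))
    return pairs


def triage(setting: str, allowed=ALLOWED_PACKAGES) -> list[dict]:
    """Return one finding per enabled service not on the allowlist, marking
    packages that piggyback on a well-known app's package name as look-alikes."""
    findings = []
    for pkg, cls in parse_services(setting):
        if pkg in allowed:
            continue
        lookalike = any(pkg != p and pkg.startswith(p) for p in IMPERSONATED_PREFIXES)
        findings.append({"package": pkg, "service": cls, "lookalike": lookalike})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_SETTING):
        print(finding)
```

A finding is a starting point for investigation, not proof of compromise; legitimate password managers and screen readers also hold this permission.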
The origins of Bitter remain a mystery, as few indicators hint at its roots. No one knows for certain in which country it arose, though Meta believes it operates out of South Asia.