Cybercriminals Target Users with Malicious Fake Apps in New Mobile Malware Campaign

Cybersecurity experts have uncovered a large-scale mobile malware campaign dubbed SarangTrap, primarily targeting users in South Korea through fake dating, social networking, cloud storage, and car service applications. The finding points to the increasing sophistication of cybercriminal strategies aimed at stealing sensitive personal information.

According to Rajat Goyal from Zimperium zLabs, the campaign features over 250 malicious Android applications and more than 80 domains masquerading as legitimate app store listings. These fraudulent domains trick users into downloading the apps, which then exfiltrate contact lists and images while maintaining a guise of legitimacy. The deception employed in this campaign raises serious concerns about the psychological manipulation inherent in such threats.

The malware prompts users for an invitation code. Once that code is validated against a command-and-control server, the app is allowed to request sensitive permissions, such as access to SMS messages and files. In parallel, the iOS version leads users to install a mobile configuration profile that facilitates malware installation, capturing contacts, photos, and other sensitive data.

As the SarangTrap campaign evolves, it reportedly begins to blackmail victims by threatening to share personal videos with their families. This alarming trend underscores the urgent need for awareness and vigilance among users, who may find themselves ensnared in a web of surveillance and extortion due to their emotional vulnerabilities. Experts recommend taking precautions against such threats by scrutinizing app permissions and avoiding untrusted sources, thus mitigating the risks associated with these malicious applications.
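
One way to carry out the permission check recommended above, as an added example that is not taken from the Zimperium report: because the apps only prompt for permissions after the invitation code is accepted, a static look at the manifest shows what they can ask for even when the prompt never appears. The script assumes a manifest already decoded to text XML (for instance by apktool); the category grouping, the threshold, and the sample package names are assumptions of this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
# Data the article says the apps go after -> permissions guarding it.
# The grouping and the threshold below are this example's assumptions.
CATEGORIES = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "files_images": {"android.permission.READ_EXTERNAL_STORAGE",
                     "android.permission.READ_MEDIA_IMAGES",
                     "android.permission.MANAGE_EXTERNAL_STORAGE"},
}
NETWORK = "android.permission.INTERNET"

def declared_permissions(manifest_xml):
    """Return every permission name declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def triage(manifest_xml, threshold=2):
    """Flag apps that can reach the network and read >= threshold categories."""
    perms = declared_permissions(manifest_xml)
    hits = {c: sorted(perms & w) for c, w in CATEGORIES.items() if perms & w}
    network = NETWORK in perms
    return {"categories": hits, "network": network,
            "flag": network and len(hits) >= threshold}

def _manifest(package, perms):  # builds a constructed sample manifest
    lines = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/'
            f'android" package="{package}">{lines}<application/></manifest>')

# Constructed samples: package names and permission sets are made up.
DATING_SAMPLE = _manifest("com.example.dating", [
    NETWORK, "android.permission.READ_CONTACTS", "android.permission.READ_SMS",
    "android.permission.READ_MEDIA_IMAGES"])
BENIGN_SAMPLE = _manifest("com.example.torch", [
    NETWORK, "android.permission.CAMERA"])

if __name__ == "__main__":
    for label, xml in (("dating", DATING_SAMPLE), ("torch", BENIGN_SAMPLE)):
        print(label, triage(xml))
```

A flag here is a prompt for closer review, not a verdict: legitimate messaging or backup apps can declare the same combination.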