State-sponsored threat actors deployed three Android apps on Google Play to gather information from targeted devices, such as contact lists and location data. The threat organisation was connected to an Indian cybersecurity company in 2021, according to a study by Amnesty International, which also identified an effort to distribute spyware that allegedly used a phoney chat app.
The malicious Android apps were found by Cyfirma, which ascribed the operation with a moderate degree of confidence to the Indian hacking group “DoNot,” which is also known as APT-C-35 and has been targeting prominent organisations in Southeast Asia at least since 2018.