Researchers from ESET have discovered a campaign being run by the Bahamut APT organisation specifically to target Android users. A false SecureVPN website that solely offers Android apps for download is used in this campaign, which has been running since January 2022.
Although the virus used throughout this operation utilises the name SecureVPN, it has absolutely nothing to do with the reputable, multiplatform SecureVPN software and service. Sensitive information like contacts, SMS messages, call logs, device location, and phone call recordings can all be exfiltrated by the malware.