Recent research shows that people who use free VPN apps to reach geo-blocked content are the latest victims of cyber criminals. Researchers have revealed that the popular OpenVPN and SoftVPN Android apps are maliciously coded with spyware.
According to researchers, the Bahamut hacking group has been linked to the malicious VPN apps. These threat actors are well known on the dark web for providing hack-for-hire services. Their hacking campaigns date back to 2017, when they were first discovered by cyber security analysts. According to documented studies, their modus operandi involves luring victims with trojanized VPN apps.
Reportedly, the Bahamut hackers created the SoftVPN and OpenVPN Android apps and uploaded their harmful software to the Google Play Store. Once Android users downloaded the apps, they became constant targets of the Bahamut hackers.
The campaign's main goal is stealing victims' contact lists and call records. The criminals also harvested device location and text message history.
Hackers mask fake VPN
Further investigation of the ‘highly targeted’ phishing campaign reveals that, although the apps include malicious code, users were still granted free VPN service. That service, however, came from the hackers redirecting them to the legitimate SecureVPN service.
Cyber analysts stated that the hackers’ entire operation established credibility with the help of SecureVPN. So far, the investigation shows that the hackers conducted email phishing as well as social media scams.
In another campaign linked to the Bahamut hackers, Bellingcat journalists revealed in 2017 an espionage operation in which the criminals targeted Middle Eastern human rights activists.
The Bahamut hackers are notorious for using some of the most popular hacking tools to carry out their scam operations. They’re renowned for constantly changing their tactics, as well as targeting individuals in multiple countries.
In addition, the Bahamut threat actors have been linked to some significant hacking undertakings. And according to a 2020 document by the BlackBerry cyber team, Bahamut appears to be a government-funded hacking group.
The resourceful threat actors proved to be highly skilled software coders. The Bahamut operation has also been linked to the Urpage and Windshift hacking groups.