Indian-Made Mobile Spyware Spotted to Target Human Rights Activist in Togo

Image credits: Avira

A well-known human rights advocate in Togo has been targeted with spyware by a threat actor with a history of attacking targets in South Asia, marking the group's first venture into digital espionage in Africa, according to The Hacker News.

A group known as Donot Team (also known as APT-C-35) has been linked to cyberattacks in India and Pakistan, according to Amnesty International, which has also found evidence linking the group's infrastructure to an Indian firm called Innefu Labs. The activist, who has not been identified, is believed to have been targeted with bogus Android applications and spyware-laden emails over the course of two months beginning in December 2019.

The texts were sent from an Indian phone number registered in the state of Jammu and Kashmir. ChatLite, a malicious program, gains access to the smartphone's camera and microphone as soon as it is loaded, and to any files stored on the smartphone. It can even intercept WhatsApp messages as they are sent and received by the device.

The attackers, however, switched to an alternate infection chain: an email from a Gmail account carried malware-laced Microsoft Word documents that exploited a now-patched remote code execution vulnerability (CVE-2017-0199) to drop the YTY framework, a full-featured Windows spying tool that grants full access to the victim's machine.

Hackers use ingenious methods to infect the devices of their victims

Amnesty International said in a report: "The persistent attacks over WhatsApp and email tried to trick the victim into installing a malicious application that masqueraded as a secure chat application," [...] "The application was in fact a piece of custom Android spyware designed to extract some of the most sensitive and personal information stored on the activist's phone."

The IP address 122.160.158[.]3 was identified as belonging to a Delhi-based company called Innefu Labs, although the company has not been directly involved in the event. An Innefu Labs spokesperson told the non-governmental group that the company has no affiliation with Donot Team APT and has no knowledge of the alleged operations being carried out using Innefu's IP address.