CyberSecurity news
info@thehackernews.com (The Hacker News)
A new Android malware campaign, potentially linked to previous attacks targeting Indian military personnel, has been identified targeting users in Taiwan. The malware, known as PJobRAT, is an Android Remote Access Trojan (RAT) that steals sensitive data. It disguises itself as legitimate chat applications to trick users into installing it. Once installed, PJobRAT can extract SMS messages, phone contacts, device information, documents, and media files from infected devices, enabling deep surveillance and remote control.
Researchers at Sophos X-Ops uncovered this recent campaign, observing activity from January 2023 to October 2024. The malicious chat apps, named SangaalLite and CChat, were distributed through compromised WordPress sites. While this particular campaign may be paused, it illustrates that threat actors often retool and retarget after an initial campaign, improving their malware and adjusting their approach before striking again. Users are advised to avoid installing apps from untrusted sources and to employ mobile security solutions for protection.
References:
- ciso2ciso.com: PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps – Source:thehackernews.com
- The Hacker News: An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps.
- www.infosecurity-magazine.com: PJobRAT malware targets Taiwan Android users, stealing data through fake messaging platforms
- Sophos X-Ops: Back in 2021, researchers reported on PJobRAT, an Android RAT targeting Indian military personnel by imitating various dating and instant messaging apps. After that, everything seemed to go quiet. But during a recent threat hunt, Sophos X-Ops researchers uncovered a more recent PJobRAT campaign appearing to target users in Taiwan – the earliest sample being Jan 2023, and the most recent in October 2024.
- Cyber Security News: Sophos X-Ops researchers have uncovered a new campaign involving PJobRAT, an Android Remote Access Trojan (RAT) first observed in 2019. This latest iteration, which appeared to target users in Taiwan, disguised itself as instant messaging apps such as ‘SangaalLite’ and ‘CChat’.
- gbhackers.com: PJobRAT, an Android Remote Access Trojan (RAT) first identified in 2019, has resurfaced in a new campaign targeting users in Taiwan.
- Sophos News: PJobRAT makes a comeback, takes another crack at chat apps
- Sophos X-Ops: We can’t confirm how users were directed to these sites, but PJobRAT previously used a variety of tricks, including third-party app stores, link shortening, phishing pages, fictitious personae, and posting links on forums. Once on a user’s device, the malware requests various permissions, and can steal SMS messages, phone contacts, device and app info, documents, and media files. The latest variant does not have a built-in function for stealing WhatsApp messages. But it does have a new functionality – running shell commands. This greatly increases the malware’s capabilities.
Classification:
- HashTags: #PJobRAT #AndroidMalware #Taiwan
- Company: Sophos
- Target: Taiwanese users
- Attacker: PJobRAT
- Product: Android
- Feature: Android Malware
- Malware: PJobRAT
- Type: Malware
- Severity: Major