DoNot Team's New Tanzeem Malware Targets Intelligence Ops

New Android Malware Linked to DoNot Team: A Targeted Cyber Threat

In a significant cybersecurity development, the notorious threat actor known as DoNot Team has been associated with a new form of Android malware, raising alarms about targeted cyber attacks. The malware, identified as Tanzeem (meaning "organization" in Urdu) and its counterpart Tanzeem Update, were discovered by cybersecurity firm Cyfirma in late 2023. This new Android malware is reported to mimic a chat application, yet fails to function post-installation, revealing its true malicious intent.

Understanding the New Android Malware

The emergence of Tanzeem represents a concerning trend in cyber threats, particularly for individuals in sensitive positions. Cyfirma’s analysis highlights that the malware is designed to masquerade as a legitimate application, but it crashes immediately after users grant the necessary permissions. Its specific targets are not yet clear, but the malware is suspected to be aimed at collecting intelligence on individuals within and beyond national borders.

Who is DoNot Team?

DoNot Team, also referred to by various aliases such as APT-C-35 and Origami Elephant, is believed to be an Indian hacking group known for its sophisticated cyber operations. Historically, this group has utilized spear-phishing tactics and Android malware to extract sensitive information. In October 2023, they were linked to a previously unknown .NET-based backdoor named Firebird, which targeted select victims in Pakistan and Afghanistan.

Key Features of Tanzeem Malware

  • Malicious Functionality: Although presented as a chat application, Tanzeem fails to operate, shutting down shortly after installation.
  • Phishing Mechanism: The malware utilizes OneSignal, a customer engagement platform, to send notifications that include phishing links leading to further malware deployment.
  • Data Collection: Upon installation, the app requests sensitive permissions to access call logs, contacts, SMS messages, location data, and files stored externally. It can also capture screen recordings and connect to a command-and-control (C2) server.

Cyfirma emphasizes that this malware employs a new strategy involving push notifications, enhancing its ability to remain active and collect intelligence on target devices.
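A defender-side triage check for the traits listed above, written for this article as an added example (not code from Cyfirma or from the malware): it parses an AndroidManifest.xml, reports which of the intelligence-gathering permissions the article names are requested, and flags whether the app wires in the OneSignal push SDK. The SDK indicator (a component whose android:name falls under the com.onesignal package) and the sample manifest are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"

# Permissions the article says Tanzeem requests after installation.
INTEL_PERMISSIONS = {
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "external files",
}

def triage_manifest(manifest_xml: str) -> dict:
    """Report requested intelligence-gathering capabilities and whether the
    manifest declares a OneSignal component (assumed indicator: a receiver,
    service or activity whose android:name starts with com.onesignal.)."""
    root = ET.fromstring(manifest_xml)
    requested = {
        perm.get(NAME_ATTR) for perm in root.iter("uses-permission")
    }
    hits = sorted(label for p, label in INTEL_PERMISSIONS.items() if p in requested)
    onesignal = any(
        (el.get(NAME_ATTR) or "").startswith("com.onesignal.")
        for tag in ("receiver", "service", "activity")
        for el in root.iter(tag)
    )
    # Heuristic: a "chat" app needing three or more of these plus push wiring.
    return {"capabilities": hits, "onesignal": onesignal,
            "suspicious": len(hits) >= 3 and onesignal}

# Constructed sample manifest for a fake chat app; not taken from a real sample.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <application>
    <activity android:name=".MainActivity"/>
    <receiver android:name="com.onesignal.NotificationOpenedReceiver"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    print(triage_manifest(SAMPLE_MANIFEST))
```

Screen recording and C2 traffic are runtime behaviours the manifest alone does not reveal, so this check is a first filter, not a verdict.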

The Evolving Threat Landscape

The sophistication of the Tanzeem malware indicates an evolution in the tactics employed by DoNot Team. As cyber threats become increasingly targeted, the potential for widespread information breaches grows.

For those interested in cybersecurity, it’s crucial to stay informed about these emerging threats. Learn more about the implications of such malware and the importance of robust cybersecurity measures.
