Cyber Threat Report: 'eXotic Visit campaign: Tracing the footprints of Virtual Invaders'

ESET describe a targeted Android espionage campaign with approximately 380 victims predominantly in India and Pakistan. The attackers compromise victims by using malicious apps which mainly impersonate messaging apps. The malicious apps are distributed through Google Play and independent websites and include code from the open source Android remote access trojan XploitSPY alongside seemingly legitimate functionality. Malicious functionality includes file listing; obtaining call logs, text messages, contacts etc; device location and WiFi networks; recording pictures and audio; intercepting notifications. The researchers track the campaign from November 2021 to the end of 2023. The post includes tactics, techniques and procedures (TTPs) used in the campaign with technical details and indicators of compromise (IoCs) also included.