What is SandStrike Mobile Malware?
Mobile security researchers uncovered a new strain of mobile malware that targets Android devices, dubbed SandStrike.
The SandStrike Android malware is being distributed and advertised using social media accounts set up and operated by the threat actor behind the malware. The accounts had thousands of followers and all linked to yet another social media outlet: a Telegram channel.
In the Telegram channel, the threat actor behind SandStrike was distributing the malware disguised as a VPN client application. To make the malicious VPN client more believable, the threat actor went so far as to set up working VPN servers and infrastructure as well.
Once installed, however, the VPN deploys its malicious functionality. The malware functions largely as spyware.
SandStrike can collect information from the compromised system. The malware's capabilities include exfiltrating call logs from Android phones, reading and stealing contact lists, and tracking the victim's actions on the infected device.