DONOT Group Deploys Malicious Android Apps in India

Summary: The DONOT Team, an advanced persistent threat (APT) group, is utilizing two deceptive Android applications, “Tanzeem” and “Tanzeem Update,” to conduct intelligence-gathering operations against individuals and organizations in India. These apps masquerade as chat applications but are designed to exploit device permissions for data harvesting. Cyfirma researchers have identified the group’s ongoing efforts to collect strategic intelligence, indicating a persistent threat in the region.

Threat Actor: DONOT Team
Victim: Individuals and organizations in India

Key points:

  • DONOT Team uses the Tanzeem and Tanzeem Update apps to gain unauthorized access to sensitive information on Android devices.
  • The apps utilize OneSignal to send push notifications, tricking users into enabling accessibility services and granting dangerous permissions.
  • Research indicates that DONOT Team has been active since at least 2016, targeting various entities across South Asia for espionage and intelligence gathering.
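
Added example (not from the Cyfirma research or the source article): a defender-side check that flags a decoded AndroidManifest.xml combining the three traits named in the key points, namely OneSignal components, an accessibility service, and dangerous permissions. The permission subset, the `com.onesignal.` name-prefix check, and the sample manifest are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: a subset of Android "dangerous" permissions; the page does not
# list which permissions the apps actually request.
DANGEROUS = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.GET_ACCOUNTS",
}

# Constructed sample manifest (hypothetical package and service names).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.chat">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <application>
    <service android:name=".HelperService"
             android:permission="android.permission.BIND_ACCESSIBILITY_SERVICE"/>
    <receiver android:name="com.onesignal.FCMBroadcastReceiver"/>
  </application>
</manifest>"""


def triage_manifest(manifest_xml: str) -> dict:
    """Report accessibility services, dangerous permissions and OneSignal components."""
    root = ET.fromstring(manifest_xml)
    requested = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    app = root.find("application")
    components = [] if app is None else list(app)
    # A service guarded by BIND_ACCESSIBILITY_SERVICE is an accessibility service.
    accessibility = [
        c.get(ANDROID_NS + "name") for c in components
        if c.tag == "service"
        and c.get(ANDROID_NS + "permission") == "android.permission.BIND_ACCESSIBILITY_SERVICE"
    ]
    names = [c.get(ANDROID_NS + "name") or "" for c in components]
    onesignal = sorted(n for n in names if n.startswith("com.onesignal."))
    dangerous = sorted(requested & DANGEROUS)
    # Each trait is common in legitimate apps; only the combination is flagged.
    return {"accessibility_services": accessibility, "dangerous_permissions": dangerous,
            "onesignal_components": onesignal,
            "review": bool(accessibility and dangerous and onesignal)}
```

A `review` result of `True` means the manifest deserves manual analysis, not that the app is malicious.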

Source: https://www.darkreading.com/cyberattacks-data-breaches/donot-group-malicious-android-apps-india