Researchers Found New Android Malware Linked to DoNot Team APT Group

Summary: CYFIRMA researchers have linked a newly discovered Android malware named “Tanzeem” to the Indian APT group DoNot Team, which has been active since 2016. This malware targets government and military organizations in South Asia and utilizes the OneSignal platform to deliver phishing links. The evolving tactics of the DoNot APT group signify a persistent threat to regional cybersecurity.

Threat Actor: DoNot Team
Victim: South Asian Organizations

Key points:

  • The malware “Tanzeem” mimics chat functionality and requests accessibility permissions from users.
  • DoNot Team has been observed using OneSignal to deliver phishing notifications, marking a new tactic in their operations.
  • The malware can collect sensitive data, including call logs, contacts, and precise locations, indicating a significant threat to targeted individuals and organizations.

Source: https://securityaffairs.com/173257/apt/donot-team-android-malware.html