Facebook's security researchers have released their second-quarter Adversarial Threat Report, which confirms that two APT groups are using a new Android malware dubbed Dracarys. The newly discovered groups, dubbed 'Bitter APT' and 'APT36', are distributing Dracarys via the Facebook (FB) platform, mainly to collect personal information or to befriend a person without the knowledge of the actual profile owner.
Both groups are involved in a cyber-espionage campaign targeting users of the social media giant, and both are said to be sponsored by the governments of two Asian countries.
APT36 has been found attacking Indian government websites and has been linked to Pakistan. However, there is no official confirmation from either the Government of India or Facebook's parent company Meta.
Bitter APT has been found targeting critical IT infrastructure of the Bangladesh government, and its tooling possesses remote file execution capabilities.
Meta's security researchers found that the two groups have so far targeted FB users in New Zealand, Afghanistan, the UAE, Saudi Arabia, the UK, and Canada. They mainly lure victims to compromised sites through malicious URLs, often shortened with various online URL-shortening services, which then lead the victim to malicious payloads.
The most concerning aspect of Dracarys is that the Trojan can sneak into other applications such as YouTube, WhatsApp, Signal, Telegram, and Google Messages and siphon data such as text messages, photos, geolocation details and call logs. It can also enable the microphone and camera on an infected device to record audio or take a picture of the victim while they are looking at the screen.