January 22, 2025

DONOT APT Deploys Malicious Tanzeem Android Apps for Intelligence Gathering



The advanced persistent threat group known as DONOT Team has been discovered leveraging two nearly identical Android applications to conduct sophisticated intelligence-gathering operations targeting specific individuals and groups within India.

Cybersecurity researchers at Cyfirma have uncovered the malicious "Tanzeem" and "Tanzeem Update" applications, which purport to be chat applications but are designed to covertly harvest sensitive information from compromised devices. The apps, whose name translates to "organization" in Urdu, appear strategically crafted to target individuals of national security interest.

When users install these applications, they are prompted to enable accessibility features and grant extensive permissions. The apps then proceed to shut down while stealthily collecting critical device information. The malicious software can read call logs, access contacts, retrieve SMS messages, monitor precise device locations, and extract account information.
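A triage check for the pattern described above (a chat app that declares an accessibility service and requests the listed data-collection permissions), as an added example that is not from Cyfirma's report or this article. It assumes the APK's manifest has already been decoded to text XML; the permission names are standard Android identifiers, while the package names, service name and sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Data categories named in the article -> standard Android permission gating each.
COLLECTION_PERMS = {
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "SMS messages",
    "android.permission.ACCESS_FINE_LOCATION": "precise location",
    "android.permission.GET_ACCOUNTS": "account information",
}
ACCESSIBILITY_BIND = "android.permission.BIND_ACCESSIBILITY_SERVICE"

def triage_manifest(manifest_xml, min_categories=3):
    """Flag an app that declares an accessibility service and also requests
    at least min_categories of the data-collection permissions above."""
    root = ET.fromstring(manifest_xml)
    requested = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        requested.update(e.get(ANDROID + "name") for e in root.iter(tag))
    categories = sorted(v for k, v in COLLECTION_PERMS.items() if k in requested)
    # An accessibility service is a <service> protected by BIND_ACCESSIBILITY_SERVICE.
    services = [s.get(ANDROID + "name") for s in root.iter("service")
                if s.get(ANDROID + "permission") == ACCESSIBILITY_BIND]
    return {"package": root.get("package"), "data_categories": categories,
            "accessibility_services": services,
            "flag": bool(services) and len(categories) >= min_categories}

def _manifest(package, perms, accessibility):
    """Build a constructed sample manifest (not taken from any real app)."""
    ns = 'xmlns:android="http://schemas.android.com/apk/res/android"'
    uses = "".join(f'<uses-permission android:name="{p}"/>' for p in perms)
    svc = (f'<service android:name=".SampleA11yService" '
           f'android:permission="{ACCESSIBILITY_BIND}"/>') if accessibility else ""
    return f'<manifest {ns} package="{package}">{uses}<application>{svc}</application></manifest>'

# Constructed samples: a "chat" app matching the described pattern, and a plain one.
SUSPECT = _manifest("com.example.chat.suspect", list(COLLECTION_PERMS), True)
BENIGN = _manifest("com.example.chat.plain",
                   ["android.permission.INTERNET", "android.permission.READ_CONTACTS"], False)

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```

A flag here is a prioritisation signal for manual review, since legitimate accessibility tools can request some of the same permissions.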

A notable technical aspect of these applications is their use of OneSignal, a legitimate customer engagement platform, to send push notifications. This technique allows the threat actors to potentially deploy additional malicious payloads and maintain persistent access to compromised devices.

The DONOT Team, also tracked under various aliases like APT-C-35 and Viceroy Tiger, has a history of conducting cyber espionage campaigns across South Asia. Their operations have consistently targeted organizations and individuals in countries like Pakistan, Sri Lanka, and Bangladesh.

Researchers noted that the group's tactics demonstrate an evolving approach to intelligence gathering, with a focus on strategic data collection that could potentially support national interests. The use of seemingly innocuous applications and legitimate platforms highlights the sophisticated methods employed by this threat actor.

Cybersecurity experts recommend users exercise extreme caution when downloading applications, particularly those from unknown sources, and maintain updated security protocols to mitigate such sophisticated threats.


Anthony Denis

Anthony Denis is a Security News Reporter with a Bachelor's in Business Computer Application. Drawing from a decade of digital media marketing experience and two years of freelance writing, he brings technical expertise to cybersecurity journalism. His background in IT, content creation, and social media management enables him to deliver complex security topics with clarity and insight.
