Android malware spying on readers of G-B’s website

Gilgit: ESET Research, a Slovak software company specializing in cybersecurity, has identified a watering-hole attack on the Hunza News, a regional news website that delivers news about Gilgit-Baltistan.

According to the ESET Research report, when the Urdu version of the Hunza News website opens on a mobile device, it offers readers the possibility to download the Hunza News Android app directly from the website, but the app has “malicious espionage capabilities.”

The Slovak security researchers named this previously unknown spyware “Kamran” after the owner of Hunza News. The report clarified that the English mobile version doesn’t provide any app for download. However, it said, the Urdu version on mobile offers to download the Android spyware.

According to the report, upon downloading the app, users are prompted to grant permissions that open the floodgates to their private data. If accepted, “Kamran” quietly collects information about contacts, calendar events, call logs, location information, device files, SMS messages, images, etc.

The malware has the ability to stay under the radar, bypassing the security of the official Google Play Store.

The malicious app has never been offered through the Google Play Store and is downloaded from an unidentified source referred to as ‘Unknown’ by Google.

The EST investigation revealed that the spyware appeared on the website between January 7, 2023, and March 21, 2023. The developer certificate of the malicious app was issued on January 10, 2023. “During that time, protests were being held in Gilgit-Baltistan for various reasons encompassing land rights, taxation concerns, prolonged power outages, and a decline in subsidized wheat provisions,” it said.

The investigation revealed that the malware has already compromised at least 22 smartphones, with a significant number located in Pakistan. This breach of privacy has raised alarm bells about the security of personal data.

Exclusive: why Astore-1 by-election results withheld, reveals GB Chief Election Commissioner

According to the research, hunzanews.com started to provide a legitimate Android application in 2015, which was available on the Google Play store. “Based on available data, we believe two versions of this app were released, with neither containing any malicious functionality,” it added.

When contacted, Muhammad Kamran Ali, owner of the Hunza News, showed his ignorance of such development, saying he would immediately contact his website and app developer to sort out the issue.

After contacting his developer, Kamran said that his developer had started working on the issue and would sort it out soon. He said that Hunza News (Pvt) is a registered company and working to highlight issues of G-B responsibly.

He added the online newspaper had been active and gaining online readership for over 10 years. Kamran said that he would take all possible measures to solve the problem as it has hit the reputation of his website. He said that he has lodged a complaint with the FIA cybercrime witng via the online portal.