'eXotic Visit' Spyware Campaign Targets Android Users in India and Pakistan
Apr 10, 2024
Mobile Security / Spyware
An active Android malware campaign dubbed eXotic Visit has been primarily targeting users in South Asia, particularly those in India and Pakistan, with malware distributed via dedicated websites and Google Play Store. Slovak cybersecurity firm said the activity, ongoing since November 2021, is not linked to any known threat actor or group. It's tracking the group behind the operation under the name Virtual Invaders . "Downloaded apps provide legitimate functionality, but also include code from the open-source Android XploitSPY RAT ," ESET security researcher Lukáš Štefanko said in a technical report released today. The campaign is said to be highly targeted in nature, with the apps available on Google Play having negligible number of installs ranging from zero to 45. The apps have since been taken down. The fake-but-functional apps primarily masquerade as messaging services like Alpha Chat, ChitChat, Defcom, Dink Messenger, Signal Lite, TalkU, WeTalk, Wicker Mes