FlexStarling Mobile Malware Targets Specialized Victims in Africa


Human rights activists in Morocco and the Western Sahara region face a new threat: attackers are using phishing to trick victims into installing fake Android applications and, for Windows users, into visiting deceptive web pages that steal login credentials.

Cisco Talos has identified this threat campaign as Starry Addax, which primarily targets activists associated with the Sahrawi Arab Democratic Republic (SADR). The infrastructure utilized by Starry Addax, namely ondroid[.]site and ondroid[.]store, is tailored to exploit both Android and Windows users. For Windows users, the attackers set up fake websites resembling popular social media platforms to trick individuals into divulging their login details.

Although specific websites targeted by these credential theft attacks cannot be disclosed due to ongoing investigations, Talos revealed that the threat actors are creating their own infrastructure to host counterfeit login pages for widely used media and email services.
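
The following added example, which is not from Talos or the original article, checks DNS query logs for the two domains named above, matching each domain and any of its subdomains while ignoring look-alike names. The log layout, field order and sample lines are constructed assumptions.

```python
# Domains named in the article, kept defanged in source and refanged at load time.
DEFANGED_IOCS = ["ondroid[.]site", "ondroid[.]store"]
IOC_DOMAINS = {d.replace("[.]", ".").lower() for d in DEFANGED_IOCS}

# Constructed sample log. Assumed layout: "<timestamp> <client-ip> <qtype> <qname>"
SAMPLE_DNS_LOG = """\
2024-04-10T08:01:12Z 10.0.4.17 A www.example.org.
2024-04-10T08:01:15Z 10.0.4.17 A ondroid.site.
2024-04-10T08:02:40Z 10.0.4.22 AAAA Login.Ondroid.Store
2024-04-10T08:03:05Z 10.0.4.31 A android.site
2024-04-10T08:03:09Z 10.0.4.31 A notondroid.store
2024-04-10T08:04:51Z 10.0.4.40 A ondroid.site.example.net
malformed line without enough fields
"""

def normalize(qname):
    """Lowercase, refang '[.]' if present, and strip the trailing root dot."""
    return qname.strip().lower().replace("[.]", ".").rstrip(".")

def matches_ioc(qname):
    """Return the IoC domain if qname equals it or is a subdomain of it, else None."""
    name = normalize(qname)
    for ioc in IOC_DOMAINS:
        # The leading dot in the suffix test rejects names like "notondroid.store".
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None

def scan(log_text):
    """Return (timestamp, client, normalized qname, matched IoC) for each hit."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:  # skip lines that do not fit the assumed layout
            continue
        ts, client, _qtype, qname = fields
        ioc = matches_ioc(qname)
        if ioc:
            hits.append((ts, client, normalize(qname), ioc))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_DNS_LOG):
        print(*hit)
```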

Profiling the Entity Behind FlexStarling

The adversary, active since January 2024, employs spear-phishing emails to entice targets into installing what appears to be the Sahara Press Service's mobile app or a related decoy app. Depending on the operating system, victims are either presented with a malicious APK masquerading as the Sahara Press Service app or redirected to a fake social media login page to harvest their credentials.

The newly identified Android malware, FlexStarling, is multifaceted and capable of deploying additional malware components and extracting sensitive data from infected devices. Once installed, FlexStarling requests extensive permissions, enabling it to carry out various malicious activities, including receiving commands from a Firebase-based command-and-control (C2) server, a tactic used to evade detection.

Talos warns that campaigns targeting high-profile individuals like this one often aim to remain undetected on devices for extended periods.
