Indian Military Personnel Targeted by ‘PJobRAT’ Spyware Mimicking Dating Apps

  • An unknown actor is spreading fake dating apps on military forums, targeting Indian personnel.
  • The apps use the names “Trendbanter,” “HangOn,” “SignalLite,” “Rita,” and “Ponam,” but they’re all the same spyware.
  • The functions of PJobRAT include stealing images and video, SMS, contact lists, documents, GPS data, and more.

Researchers at the 360 Core Security Lab have sampled a recent version of PJobRAT, a spyware that has been around since at least December 2019. In its newest iterations, it appears to be disguised as an Indian dating and instant messaging app under the name “Trendbanter.” In other cases, the actors imitate “HangOn,” “SignalLite,” “Rita,” and “Ponam.” According to the researchers, the current campaign, which mainly targets Indian military personnel, has been active for several months, since January 2021.

Source: blogs.360.cn

The spyware is being distributed via third-party app stores and not the Play Store, and it’s promoted as a platform meant to bring single Indians living abroad together. The suspicious behavior starts immediately after installation: the icon displayed on the device rarely matches the one shown in the app store. Instead, it mimics WhatsApp or another app, trying to hide in the apps list.

Function-wise, PJobRAT exfiltrates documents of the pdf, doc, docx, xls, xlsx, ppt, and pptx types, and can also obtain private data from apps like WhatsApp, including conversation messages and contact lists.

Here is the complete list of the spyware’s functions:

  • Upload address book
  • Upload SMS
  • Upload audio files
  • Upload video files
  • Upload image files
  • Upload a list of installed apps
  • Upload a list of external storage files
  • Upload WIFI
  • Upload geographic location
  • Update phone number
  • Recording via the mic or camera
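
The two traits described above (installation from outside the Play Store, and a broad set of data-collection capabilities) can be combined into a simple device triage check. The sketch below is an added example, not code from the 360 report or from the spyware: it parses the output of `pm list packages -i -3` and `dumpsys package <pkg>` and flags sideloaded apps that request several of the permissions behind the listed functions. The capability-to-permission mapping, the threshold, and the package names are assumptions made for illustration.

```python
import re

# Capability-to-permission mapping is this example's assumption, not the 360 report's.
CAPABILITY_PERMS = {
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.READ_SMS": "SMS",
    "android.permission.RECORD_AUDIO": "microphone recording",
    "android.permission.CAMERA": "camera recording",
    "android.permission.ACCESS_FINE_LOCATION": "geographic location",
    "android.permission.READ_EXTERNAL_STORAGE": "external storage files",
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

def requested_permissions(dumpsys_text):
    """Names in the 'requested permissions:' block of `dumpsys package <pkg>`."""
    perms, in_block = set(), False
    for line in dumpsys_text.splitlines():
        entry = line.strip()
        if entry == "requested permissions:":
            in_block = True
        elif in_block and re.fullmatch(r"[\w.]+(: .*)?", entry):
            perms.add(entry.split(":")[0])
        elif in_block:
            break  # next section header or blank line ends the block
    return perms

def triage(listing, dumps, threshold=4):
    """Flag non-store apps in `pm list packages -i -3` output with broad permissions."""
    findings = []
    for pkg, installer in sorted(re.findall(
            r"^package:(\S+)\s+installer=(\S+)$", listing, re.M)):
        if installer in TRUSTED_INSTALLERS:
            continue
        hits = sorted(CAPABILITY_PERMS[p]
                      for p in requested_permissions(dumps.get(pkg, ""))
                      if p in CAPABILITY_PERMS)
        if len(hits) >= threshold:
            findings.append((pkg, installer, hits))
    return findings

# Constructed sample data; the package names are hypothetical.
P = "android.permission."
LISTING = ("package:com.example.chatdate  installer=null\n"
           "package:com.example.notes  installer=com.android.vending\n")
DUMP = ("    requested permissions:\n"
        f"      {P}READ_CONTACTS\n      {P}READ_SMS: restricted=true\n"
        f"      {P}RECORD_AUDIO\n      {P}ACCESS_FINE_LOCATION\n"
        f"    install permissions:\n      {P}INTERNET: granted=true\n")
DUMPS = {"com.example.chatdate": DUMP, "com.example.notes": DUMP}
```

A hit is a prompt for manual review, not a verdict: legitimate messaging apps request similar permissions, which is why the installer source is part of the check.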

No matter what app name and icon are used, the spyware remains the same in terms of its code and communicates with the same infrastructure. Interestingly, the researchers found that the private server which receives the exfiltrated data is publicly accessible, which is a clear indication of the carelessness of the actors.


The 360 Core Security team cannot attribute this campaign to anyone with certainty. Still, considering that the actor’s goal appears to be spying on Indian military personnel, the actors could be Chinese or Pakistani hackers.

Hooking army personnel through dating and IM apps is not unusual at all, as it seems to be working very well in this context. Back in February 2020, we saw Hamas hackers deploying the same trick against Israeli soldiers, convincing them to voluntarily download powerful spyware on their phones – which then accessed camera, GPS, SMS data, browser history, and even calendar entries.
