
Privacy Ninja


Fake Threema, Telegram Apps Hide Spyware For Targeted Attacks

Starting from a little-known malware sample, security researchers tracked down a new Android spyware distributed through fake messaging apps like Threema, Telegram, and WeMessage.

The malware is from APT-C-23, a group of advanced hackers running espionage campaigns against military and educational institutions since before July 2015.

An updated version discovered earlier this year shows an impressive set of new features that let the spyware dismiss notifications from security solutions running on Samsung, Xiaomi, and Huawei devices, thus being able to operate silently.

Hiding in fake apps

In April 2020, security researcher MalwareHunterTeam tweeted about a piece of spyware for Android that had a very low detection rate on VirusTotal. Examining the sample, researchers at ESET discovered that it was part of the malware toolkit used by the APT-C-23 threat actor.

About two months later, in June, MalwareHunterTeam found a new sample of the same malware hidden in the installation file of the Telegram messaging app available from DigitalApps, an unofficial Android store.

Since their security solution was among the few that detected the new APT-C-23 spyware in the wild, ESET started to investigate and discovered that the malware was also concealed in other apps listed in the store.

They found it in Threema, a secure messaging platform, and in AndroidUpdate, an app posing as a system update for the mobile platform.

With Threema and Telegram, the victim would get the full functionality of the apps along with the malware, thus concealing the malicious nature of the fake apps.

Possibly in an attempt to limit the spread of the malware, the attackers added a fake download gate by requiring a six-digit code.

ESET believes that the DigitalApps store is only one of the distribution methods the threat actor used to infect victims, because the researchers found other apps that were not available in the store but contained the same spyware.

“In June 2020, ESET systems blocked this spyware on client devices in Israel. The detected malware samples were disguised as the messaging app ‘WeMessage’” – ESET

However, the graphical interface of the malicious app differs from the original and seems to have been created by the attacker, indicating that it was not impersonating the legitimate product.


Improved set of features

APT-C-23 is tracked under different names (Big Bang APT, Two-tailed Scorpion) by other cybersecurity companies. The group deploys malware for Windows (KasperAgent, Micropsia) and Android (GnatSpy, Vamp, FrozenCell) platforms [1, 2, 3, 4, 5], attacking targets in the Middle East.

Compared to previous spyware for Android, the latest version from APT-C-23 extends functionality beyond recording audio, stealing call logs/SMS/contacts and specific file types (PDF, DOC, DOCX, PPT, PPTX, XLS, XLSX, TXT, JPG, JPEG, PNG).

ESET observed that the list of features now includes the possibility to silence notifications from security apps integrated with devices from Samsung, Xiaomi, and Huawei, allowing it to stay hidden even if its activity is detected.

Furthermore, it can now read notifications from messaging apps (WhatsApp, Facebook, Telegram, Instagram, Skype, Messenger, Viber), effectively stealing incoming messages.

The spyware can also record the screen (video and picture) as well as incoming and outgoing calls via WhatsApp. It can also make calls covertly, by creating a black screen overlay mimicking an inactive phone.
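The notification reading and dismissal described above require notification-listener access, and the black-screen overlay requires the draw-over-apps permission, so a defender triaging a device can start by listing which packages hold either right. The following check is an added example, not code from ESET's report or from this article; the adb output samples, the package names and the allowlist are constructed assumptions.

```python
"""Triage helper: flag Android packages that hold notification-listener access
or the SYSTEM_ALERT_WINDOW (draw-over-apps) permission and are not on an
administrator allowlist.

Input is the text a defender would collect with:
  adb shell settings get secure enabled_notification_listeners
  adb shell appops get <package> SYSTEM_ALERT_WINDOW
The samples below are constructed for this example; com.example.fakechat is a
placeholder, not a real indicator."""
from typing import Dict, List, Set

# Constructed sample of `settings get secure enabled_notification_listeners`:
# colon-separated ComponentName strings of the form "package/ServiceClass".
SAMPLE_LISTENERS = (
    "com.android.wearable.companion/com.android.wearable.companion.NotificationService:"
    "com.example.fakechat/com.example.fakechat.svc.ListenerService"
)

# Constructed sample of `appops get <pkg> SYSTEM_ALERT_WINDOW`, one line per package.
SAMPLE_APPOPS = {
    "com.android.wearable.companion": "SYSTEM_ALERT_WINDOW: default",
    "com.example.fakechat": "SYSTEM_ALERT_WINDOW: allow; time=+3d2h41m17s ago",
}

# Packages the administrator has reviewed and expects to hold these rights (assumed).
ALLOWLIST: Set[str] = {"com.android.wearable.companion"}

def parse_listeners(raw: str) -> List[str]:
    """Return package names from an enabled_notification_listeners value ('null' when unset)."""
    raw = raw.strip()
    if raw in ("", "null"):
        return []
    return [entry.split("/", 1)[0] for entry in raw.split(":") if entry]

def overlay_allowed(appops_line: str) -> bool:
    """True if the appops output grants SYSTEM_ALERT_WINDOW (mode 'allow')."""
    mode = appops_line.split(":", 1)[1].strip().split(";")[0]
    return mode == "allow"

def triage(listeners_raw: str, appops: Dict[str, str], allowlist: Set[str]) -> Dict[str, List[str]]:
    """Map each non-allowlisted package to the sensitive capabilities it holds."""
    findings: Dict[str, List[str]] = {}
    for pkg in parse_listeners(listeners_raw):
        if pkg not in allowlist:
            findings.setdefault(pkg, []).append("notification-listener")
    for pkg, line in appops.items():
        if pkg not in allowlist and overlay_allowed(line):
            findings.setdefault(pkg, []).append("overlay")
    return findings

if __name__ == "__main__":
    for pkg, caps in triage(SAMPLE_LISTENERS, SAMPLE_APPOPS, ALLOWLIST).items():
        print(f"REVIEW {pkg}: {', '.join(caps)}")
```

A package flagged for both capabilities is not proof of compromise, but it is the combination the report attributes to this spyware and a reasonable starting point for manual review.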

ESET published a technical report detailing the new capabilities of the improved spyware from APT-C-23, which provides useful indicators of compromise.
