‘Bahamut’ hackers target Android users with phony VPN apps

Cyber-mercenary “Bahamut” targets Android users masquerading as VPN apps

Like the ancient mythological fish bearing its name, the Bahamut cybercrime group is hidden from sight, swimming deep below the surface of the digital realm.

Further earning the moniker, Bahamut specializes in phishing attacks. It targets corporations and individuals in the Middle East and South Asia. 

After a year of staying off the radar, the advanced persistent threat (APT) group reemerged in 2022 to attack mobile devices, deftly tricking users into thinking they were downloading a VPN.

What is a VPN?

A virtual private network, or VPN, lets you surf the web with a degree of anonymity.

It makes your IP address appear to be coming from a different location, meaning you can bypass laws specific to your area that block certain content.

It often does this by encrypting your internet connection. VPNs also make it harder for cybercriminals to locate your computer.

They help protect private data by only allowing remote user access through encryption and tunneling protocols.

Ironically, the people tricked by Bahamut’s scheme were probably trying to bolster their network security. 

Bahamut enters the scene

In 2016, the cyber-mercenary group began launching espionage campaigns in South Asia and the Middle East. Their victims seemed to have only one thing in common: They were human rights activists.

After a few years of illicit activity, Bahamut disappeared for a while, only to reemerge this year. In 2022, Bahamut began targeting Android users who wanted to download a VPN.

The cybercrime group created a well-designed fake website that offered supposed VPN software. It most likely reaches its audience with the power of targeted messaging, sending them links to the site.

Anyone who tries to download the software from an Android phone is hacked. 

What type of data can they gather?

The hack installs spyware in the form of apps on victims’ phones.

This allows cybercriminals to access sensitive information such as usernames, passwords, SMS messages, and even people’s current locations.

Virtually any information on someone’s phone becomes accessible in this attack. 

Bahamut seems to gather sensitive or embarrassing information about users, which it could use for blackmail purposes. The motives are still unclear. 

None of the infected apps are available on the Google Play store. Users must download them through the malicious website masquerading as a legitimate VPN service.

Still, because the website is so polished, victims’ suspicions are not aroused. 

What is spyware?

“Spyware” is a portmanteau of spying and software. It’s a type of passive cyberattack that lets criminals monitor someone’s activity.

Hackers install software on a victim’s device that allows them to gather personal information.

The hacker can watch the user’s online behavior — such as which websites they visit and keystrokes they use the most — and use this data for profit.

Spyware may take screenshots of someone’s online activity and can gather information such as login credentials, credit card numbers, account PINs, and email addresses.

In the case of the Bahamut VPN scheme, users download the app and enter an activation key. The spyware becomes active when they do this. 

How to avoid Bahamut’s latest scheme

Install antivirus software on your phone if you’re an Android user. Be wary of apps you have to download from a third-party site.

Additionally, never open links from unfamiliar email accounts, as these can lead to malicious sites that install spyware or rope you into a phishing scam.

Even if a site looks legitimate, be aware that it could be a case of website spoofing, as anyone can make a professional-looking site. 

Following these common-sense online safety tips should keep you out of Bahamut’s sinister grasp.

Have any thoughts on this? Carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

• VPN security: How VPNs help protect your data online
• Pixel 7 and 7 Pro owners get a free VPN from Google
• What is a VPN, and what can you do with it?
• Top VPN scams revealed – here’s what to look out for in 2022