June 6, 2016
Saudi security researchers applying for security jobs with the Saudi government and military were unwittingly installing spyware on their Android devices.
Intel Security’s Mobile Research division came across a job portal in Saudi Arabia that was distributing a private chat application for Android devices via its website.
Users that visited the ksa-sef[.]com portal looking for security job offers with the Saudi government and military, and wanted to install the app, would be infected with the Android/ChatSpy spyware.
Android/ChatSpy would steal private information from infected devices
This malware had no functional chat interface, would immediately hide its icon after the installation ended, start collecting data about the device and then would register the victim with a C&C (command and control) server.