We recently investigated an Android malware sample posted on the Syrian e-Gov website, which we believe can be attributed to the StrongPity APT group. To the best of our knowledge, this is the first time that the group has been publicly observed using malicious Android applications as part of its attacks.
We first learned about the sample from a thread shared on the MalwareHunterTeam Twitter account. From the discussion in that thread, we learned that the shared sample is a trojanized version of the Syrian e-Gov Android application that would steal contact lists and collect files with specific file extensions from its victim's device.
Source: Trend Micro