An official Indian Army mobile application appears to have been cloned to target military personnel with Android phones, India Today reported on Wednesday.
Anti-malware platform Malware Hunter Team first detected the anomaly, discovering that the cloned app completely mimics the Army Mobile Aadhaar App Network (ARMAAN).
The original ARMAAN app is used by the military to disseminate information, lodge complaints about military engineering services, and reach out to the office of the Chief of Army Staff.
Cyber-threat intelligence firm Cyble has been conducting further analysis of the malware to reveal the methods used.
Initial investigation results indicate that a suspicious domain was used to distribute the counterfeit app.
Implications
Since the cloned app imitated the appearance and functionality of the official app, it could steal data from service members who are required to use their Aadhaar numbers and Aadhaar-linked mobile phones when opening the platform.
The fake app uses the device’s camera and microphone, accesses documents and pictures, and steals the user’s call and SMS data. It can also reveal the phone number and location of victims.
According to Cyble, the cloned app requests a total of 22 permissions. Around 10 of them were allegedly abused.
“The modified, malicious ARMAAN app poses a serious threat to the Indian Armed Forces,” Cyble explained on its blog. “It can perform RAT (Remote Access Trojan) activities with the potential to steal sensitive data from Indian Army personnel, such as contacts, call logs, SMS, location, and files from external storage, in addition to the ability to record sensitive audio.”