DiscoverCYFIRMA ResearchCYFIRMA Research- Android Malware in DONOT APT Operations
CYFIRMA Research- Android Malware in DONOT APT Operations

CYFIRMA Research- Android Malware in DONOT APT Operations

Update: 2025-01-22
Share

Description

The CYFIRMA team has analyzed malware linked to the Indian APT group DONOT, uncovering its use of a deceptive app called “Tanzeem” to gather intelligence under the guise of a chat platform. The app shuts down after permissions are granted, suggesting a targeted approach. Two analyzed versions, from October and December, showed minimal differences, indicating consistent tactics. The misuse of the OneSignal platform, typically for legitimate notifications, to deliver phishing links highlights the group’s evolving methods to maintain persistence. These findings emphasize the need to understand such threats as the group continues adapting to target individuals across the region. Read the full analysis for more details.
 
Link to the Research Report: https://www.cyfirma.com/research/android-malware-in-donot-apt-operations/

 #CyberSecurity #APTGroup #ThreatIntelligence #donotapt #aptdonot #internalthreat #CYFIRMA #tanzeem #OneSignal #androidmalware #malware #CyfirmaResearch #ExternalThreatLandscapeManagement #ETLM

https://www.cyfirma.com/

Comments 
In Channel
CYFIRMA Research- SeedSnatcher: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases

CYFIRMA Research- SeedSnatcher: Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrases

2025-12-1804:16

CYFIRMA Research- RTO Challan Fraud A Technical Report on APK-Based Financial and Identity Theft

CYFIRMA Research- RTO Challan Fraud A Technical Report on APK-Based Financial and Identity Theft

2025-12-1607:17

CYFIRMA Research- Tracking Ransomware – November 2025

CYFIRMA Research- Tracking Ransomware – November 2025

2025-12-1205:17

CYFIRMA Research- APT36 Python Based ELF Malware Targeting Indian Government Entities

CYFIRMA Research- APT36 Python Based ELF Malware Targeting Indian Government Entities

2025-12-1104:46

CYFIRMA Research: North Korean Cyber Crime as a Statecraft Tool

CYFIRMA Research: North Korean Cyber Crime as a Statecraft Tool

2025-12-0907:08

CYFIRMA Research: Rising Cybercrime During Black Friday & Cyber Monday- A 2025 Threat Intelligence Report

CYFIRMA Research: Rising Cybercrime During Black Friday & Cyber Monday- A 2025 Threat Intelligence Report

2025-12-0108:05

CYFIRMA Research: Tycoon 2FA- A Technical Analysis of its Adversary-in-the-Middle Phishing Operation

CYFIRMA Research: Tycoon 2FA- A Technical Analysis of its Adversary-in-the-Middle Phishing Operation

2025-11-2703:21

CYFIRMA Research- Pig Butchering Scams: Cybercrime Threat Intelligence

CYFIRMA Research- Pig Butchering Scams: Cybercrime Threat Intelligence

2025-11-2107:51

CYFIRMA Research- Regional Stability on Shaky Ground: Cyber Threat Escalation in the Middle East

CYFIRMA Research- Regional Stability on Shaky Ground: Cyber Threat Escalation in the Middle East

2025-11-1407:15

CYFIRMA Research- Telemetry Relay: When Diagnostics Turn Against You

CYFIRMA Research- Telemetry Relay: When Diagnostics Turn Against You

2025-11-1106:07

CYFIRMA Research- Tracking Ransomware: October 2025

CYFIRMA Research- Tracking Ransomware: October 2025

2025-11-1003:19

CYFIRMA Research: Android/BankBot- YNRK Mobile Banking Trojan

CYFIRMA Research: Android/BankBot- YNRK Mobile Banking Trojan

2025-11-0403:50

CYFIRMA Research- GhostGrab Android Malware

CYFIRMA Research- GhostGrab Android Malware

2025-11-0305:17

Cyfirma Research- CVE-2025-6541: TP-Link Omada Gateway Remote Command Injection Vulnerability Analysis

Cyfirma Research- CVE-2025-6541: TP-Link Omada Gateway Remote Command Injection Vulnerability Analysis

2025-10-3104:51

CYFIRMA Research: DPRK Sanctions Violations in Cyber Operations Post-UN Panel Demise

CYFIRMA Research: DPRK Sanctions Violations in Cyber Operations Post-UN Panel Demise

2025-10-1305:49

CYFIRMA Research- Tracking Ransomware: September 2025

CYFIRMA Research- Tracking Ransomware: September 2025

2025-10-0704:11

CYFIRMA Research: Yurei Ransomware- The Digital Ghost

CYFIRMA Research: Yurei Ransomware- The Digital Ghost

2025-10-0606:14

CYFIRMA Research- DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities

CYFIRMA Research- DeerStealer Malware Campaign: Stealth, Persistence, and Rootkit-Like Capabilities

2025-09-2203:30

CYFIRMA Research- Defence Industry Threat Report

CYFIRMA Research- Defence Industry Threat Report

2025-09-1906:04

CYFIRMA Research: Unmasking a Python Stealer- XillenStealer

CYFIRMA Research: Unmasking a Python Stealer- XillenStealer

2025-09-1706:18

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

CYFIRMA Research- Android Malware in DONOT APT Operations

CYFIRMA Research- Android Malware in DONOT APT Operations

CYFIRMA