
VAMP

Posted: July 10, 2019

VAMP is Android spyware that harvests credentials and other private information from infected phones and transfers it to its Command & Control (C&C) server. Its use correlates with a threat actor that favors e-mail and hoax-website infection methods. Users can learn to recognize the phishing templates used in these campaigns to avoid infection, and use anti-malware programs to remove VAMP.

A Vampire Sucking the Data Out of Middle Eastern Phones

Information warfare between states is a serious business that leverages Black Hat software for desktop and laptop computers and, increasingly, for mobile phones. VAMP is one piece of evidence of the development synergies between threats for both environments: its Command & Control infrastructure points at the same operators as several related Trojans. Like the other programs implicated in the associated attacks, VAMP is spyware that emphasizes the silent theft of sensitive intelligence from compromised devices.

VAMP is one of a series of 'in-house', custom-built tools attributed to Two-tailed Scorpion, also tracked as APT-C-23: a threat actor that deploys KASPERAGENT and MICROPSIA against Windows systems and VAMP and SECUREUPDATE against Android ones. Although the tooling is compartmentalized to a fair degree, the attacks share common factors: infecting users through fake websites, such as 'freeware' gaming or regional news domains, or through e-mail lures that trick users into opening shortened URLs or attachments.

VAMP has a smaller feature set than its Windows counterparts, but the features it does possess are well chosen for collecting data while avoiding detection. It exfiltrates certain file formats (malware experts can confirm only that it targets document types), instant messaging histories, contact lists, and even audio calls via a recording feature. These capabilities are not as fully fleshed out as, for example, KASPERAGENT's remote command execution and keylogging, but they are wholly adequate to make VAMP a serious threat to the user's privacy.
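The capability list above (contacts, audio recording, file access, plus network egress to a C&C server) maps onto a recognisable Android permission profile. The script below is an added example, not code from the original page and not VAMP's own manifest: it performs a heuristic static triage of an AndroidManifest.xml, grouping declared permissions into collection capabilities and flagging an app that combines network access with several of them. The two manifests are constructed for illustration, and the capability buckets and threshold are assumptions, not a VAMP signature.

```python
"""Heuristic permission triage for Android manifests.

Added example. The manifests below are constructed for illustration and are
NOT taken from VAMP or any real sample; the capability buckets and the
threshold are assumptions chosen to mirror the feature set described in the
text (contacts, audio/call recording, document access, C&C egress).
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS  # android:name as seen by ElementTree

# Collection capability -> permissions that enable it (any one suffices).
CAPABILITIES = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "audio_recording": {"android.permission.RECORD_AUDIO"},
    "call_state": {"android.permission.READ_PHONE_STATE",
                   "android.permission.PROCESS_OUTGOING_CALLS"},
    "file_access": {"android.permission.READ_EXTERNAL_STORAGE",
                    "android.permission.WRITE_EXTERNAL_STORAGE"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "persistence": {"android.permission.RECEIVE_BOOT_COMPLETED"},
    "network": {"android.permission.INTERNET"},
}

# Buckets that are not, by themselves, data collection.
NON_COLLECTION = {"network", "persistence"}


def parse_permissions(manifest_xml):
    """Return the set of <uses-permission android:name=...> values."""
    root = ET.fromstring(manifest_xml)
    return {el.get(NAME_ATTR) for el in root.iter("uses-permission")
            if el.get(NAME_ATTR)}


def capabilities(permissions):
    """Map a permission set onto the capability buckets it enables."""
    return {cap for cap, needed in CAPABILITIES.items() if permissions & needed}


def triage(manifest_xml, threshold=3):
    """Flag manifests that pair network egress with >= threshold collection
    capabilities. This is a triage heuristic, not a detection signature."""
    perms = parse_permissions(manifest_xml)
    caps = capabilities(perms)
    collection = caps - NON_COLLECTION
    suspicious = "network" in caps and len(collection) >= threshold
    return {
        "permissions": sorted(perms),
        "capabilities": sorted(caps),
        "collection_count": len(collection),
        "suspicious": suspicious,
    }


# Constructed sample: a spyware-like profile (NOT a real sample).
SPYWARE_MANIFEST = """<manifest xmlns:android="%s" package="com.example.constructed.spy">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <application android:label="Update"/>
</manifest>""" % ANDROID_NS

# Constructed sample: a benign profile (camera app with online help).
BENIGN_MANIFEST = """<manifest xmlns:android="%s" package="com.example.constructed.cam">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <application android:label="Camera"/>
</manifest>""" % ANDROID_NS


if __name__ == "__main__":
    for label, manifest in (("spyware-like", SPYWARE_MANIFEST),
                            ("benign", BENIGN_MANIFEST)):
        result = triage(manifest)
        print(label, "->", "SUSPICIOUS" if result["suspicious"] else "ok",
              result["capabilities"])
```

On a real APK you would first pull the manifest out of the archive (it is binary XML inside the APK, so a decoder such as apktool or aapt is needed before parsing), and you would treat the flag as a reason for a closer look, not as a verdict: legitimate messaging and backup apps carry a very similar profile.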

A Stake through the Heart for Intelligence Leeches

Although spyware like VAMP generally displays no visible symptoms, malware experts can recommend several means of preventing infection. Users can watch for and preempt potential attacks in the following areas, for both their Android phones and Windows PCs:

  • Corrupted websites hosting content associated with VAMP's threat actor include free entertainment sites, such as gaming websites that may mix legitimate content with unsafe downloads, and crafted news websites. Both templates show the hackers' willingness to build an in-depth Web interface and user-facing 'storefront.' Users can disable Flash, Java, and JavaScript in their browsers, keep all related software updated, and scan their downloads for threats.
  • Other attacks use traditional phishing lures over e-mail, with content tailored to the targets in the hope of encouraging clicks on corrupted, and usually obfuscated, links. Users should be cautious of any archive-compressed downloads, RAR files especially.

Malware experts also confirm that these attacks focus on the United States and several Middle Eastern regions, such as Egypt and Palestine. Users in those regions and elsewhere should keep anti-malware services active so that VAMP is deleted on sight as it appears.

VAMP seeks the digital equivalent of lifeblood from your devices: the information that is best kept hidden inside. However, just as a vampire requires an invitation before entering one's home, spyware like VAMP needs a helping hand from its victim.
