Social media and engineering used to spread "Tempted Cedar Spyware"

Dear Staff and students

Cyber-criminals are using social media and social engineering to dupe victims into downloading Advanced Persistent Threat (APT) spyware disguised as the Kik messenger app (messaging/chat App for Android devices).

The spyware dubbed “Tempted Cedar Spyware” is designed to steal information like contacts, call logs, SMS and photos as well as device information like geolocation in order to track users and is capable of recording surrounding sounds, including conversations of victims while their phone is within range.

The spyware's infection vector involves social engineering using attractive, but fictitious Facebook profiles. The fake Kik APK sent to victims is masqueraded as a legitimate Kik Messenger app, however after gaining access to the victims' phones, the spyware starts to exfiltrate sensitive data, sending data back to the attacker's infrastructure.

WHAT SHOULD USERS DO?

1) Users should install a legitimate antivirus software on their mobile devices (download one from Google Play, however pay attention to the reviews before you download and stick to well known antiviruses).
2) Never open links or download software sent to you from untrusted sources.
3) Pay attention to Social Media accounts you like, follow and links you click on
   (Facebook, Twitter, Instagram etc.).
4) Install University-wide security solution (Sophos) http://viruscheck.mak.ac.ug/ on both computers and mobile devices. Seek the the help of your college LAN administrator for installation of Sophos.

Please click the links below for more information.

https://www.hackread.com/malware-steals-data-to-hack-facebook-account/
https://www.hackread.com/android-malware-record-voice-calls-for-extortion-blackmailing/