SandStrike is a type of Android spyware that harvests data stored on the device, such as call logs and contacts, to spy on and track the activities of its victims. The spyware is distributed through a VPN app infected with malware.

Let us understand the stepwise process of SandStrike spyware infection:

  1. The spyware exploits people’s religious faith to target them.
  2. The threat actors build authentic-looking social media profiles on various platforms, including Facebook and Instagram.
  3. The pages share religion-oriented posts to grab the attention of firm believers of the religion.
  4. After gaining the victim’s attention, the threat actors share links for watching more videos around religion-focused topics.
  5. Generally, the links lead to Telegram channels or VPN apps owned by the threat actors.
  6. The lure is that the VPN app lets users bypass the government's cyber security controls and watch religion or faith-oriented content that is otherwise banned by the government.
  7. These links are injected with malicious code for SandStrike spyware.
  8. When victims click on the link to download the VPN app, the spyware is automatically downloaded and installed on the target device.

Users rely on VPNs for privacy and security and to hide their internet activity. The threat actors exploit that trust and use the VPN app to intercept the very activity users want to hide. Once the SandStrike spyware is installed on the target device, it starts spying through the infected device.

What Type of Data Does SandStrike Target?

SandStrike spyware targets diverse types of data including, but not limited to:

  • Call logs
  • Contact list
  • Messages
  • Personal data
  • Search history
  • Saved financial details
  • Login credentials

In addition to combing through the data on the device, the spyware also monitors the user’s activity to collect information that can be used for social engineering attacks.

The spyware collects all the data and sends it to remote servers owned by the threat actors. The cybercriminals use this data for financial gain by selling it on the dark web or using it to carry out severe cyber-attacks such as identity theft, ransomware, etc.

How to Stay Protected Against SandStrike Spyware Attacks?

While antivirus and antimalware programs may not provide effective protection against spyware, a few security best practices can help protect your devices.

  1. Be cautious before clicking on social media and email links.
  2. Download VPN apps from the original developer’s link in the Google Play Store. Make sure to check the reviews, number of downloads, correct spelling of app name, and correct name of the developer before downloading the app.
  3. Refrain from saving your financial information on your browser or payment apps for easy payments.
  4. Download the latest updates for your operating system and apps on the device.
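
As a complement to the checks in step 2, the following added example (not part of the original article or of any vendor tool) audits a decoded AndroidManifest.xml, such as one produced by apktool, and flags a VPN app that also requests permissions covering the data categories listed earlier. The mapping from those categories to Android permissions and the sample manifests are assumptions constructed for illustration; they are not SandStrike indicators.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"
# Assumed mapping (not SandStrike indicators): standard Android permissions that
# expose data categories the article lists. A VPN tunnel needs none of them.
SENSITIVE = {
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_SMS": "messages",
    "android.permission.RECEIVE_SMS": "messages",
}

def audit_manifest(manifest_xml):
    """Return (is_vpn_app, {permission: data category}) for a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    # A VPN app declares a service protected by BIND_VPN_SERVICE.
    is_vpn = any(
        svc.get(ANDROID + "permission") == "android.permission.BIND_VPN_SERVICE"
        for svc in root.iter("service")
    )
    requested = set()
    # uses-permission-sdk-23 is the API 23+ variant of uses-permission.
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            requested.add(el.get(ANDROID + "name"))
    flagged = {p: SENSITIVE[p] for p in sorted(requested & set(SENSITIVE))}
    return is_vpn, flagged

def verdict(manifest_xml):
    """Flag only the combination: a VPN service plus unrelated data access."""
    is_vpn, flagged = audit_manifest(manifest_xml)
    if is_vpn and flagged:
        cats = ", ".join(sorted(set(flagged.values())))
        return "SUSPICIOUS: VPN app requests access to " + cats
    return "OK"

# Constructed sample manifests (hypothetical package, not from a real app).
TEMPLATE = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.vpn">
{perms}
  <application><service android:name=".Tunnel" android:permission="android.permission.BIND_VPN_SERVICE"/></application>
</manifest>"""
def _perm(name):
    return '  <uses-permission android:name="android.permission.%s"/>' % name
SAMPLE_CLEAN = TEMPLATE.format(perms=_perm("INTERNET"))
SAMPLE_BAD = TEMPLATE.format(perms="\n".join(
    map(_perm, ["INTERNET", "READ_CALL_LOG", "READ_CONTACTS", "READ_SMS"])))

if __name__ == "__main__":
    print(verdict(SAMPLE_CLEAN))
    print(verdict(SAMPLE_BAD))
```

A flagged result is a reason to review the app before installing it, not proof of infection; some legitimate apps bundle a VPN feature with other functions.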

To know more about enterprise cybersecurity solutions for your business, contact Centex Technologies at Killeen (254) 213 – 4740, Dallas (972) 375 – 9654, Atlanta (404) 994 – 5074, and Austin (512) 956 – 5454.