Google’s Threat Analysis Group is working behind the scenes to keep ‘high risk’ users safe from cyber threats.
Spyware can come in many forms and in May of last year, Google’s Threat Analysis Group discovered that state-sponsored hackers had disguised their malicious software as a VPN app and uploaded it to the Google Play Store. The search giant’s Threat Analysis Group tracks a wide variety of threats and state-sponsored hackers in order to warn its users when they have been targeted online. One of the more notable campaigns it recently tracked was led by state-sponsored hackers from Iran that go by the name APT35. Back in May of 2020, Google’s threat analysts discovered that APT35 had attempted to upload spyware to the Google Play Store by disguising their malicious payload as a VPN app designed to mimic the look and feel of ExpressVPN. If installed on a user’s devices, this fake VPN app could steal sensitive information including call logs, text messages, contacts and location data from devices.
