Hackers have targeted two elite defense organizations in India through WhatsApp. They distributed two malicious files aimed at defense and security personnel of the National Defence Academy (NDA) and the National Investigation Agency (NIA). The malicious files are named “NDA-ranked-8th-toughest-College-in-the-world-to-get-into.xls” and “NIA-selection-order-.xls”. They appear authentic and dupe users into opening them.
The National Defence Academy (NDA) is the Joint Services academy of the Indian Armed Forces, while the National Investigation Agency (NIA) is a central Indian government agency to combat terror. Both are important defense organizations. This malware targets Android OS devices. It has the capacity to obtain all types of privileges, gain control of the victim’s Android device, and then steal important personal information, login credentials, and banking information such as passwords and PIN numbers.
This malware has been circulated predominantly as MS Excel files. However, officials suspect that it could also have been spread as “.pdf” and MS Word files. The government has alerted defense organization personnel about the malicious files doing the rounds. Security officials in India have stated that “It has been analyzed that the men and women in defense, paramilitary and police forces could be the target groups”.
It is not yet known whether this attack campaign is the work of nation-state actors or a state-sponsored hacking group or just independent hackers. While India had blamed Pakistan for earlier malware campaigns, it has not yet accused its rival this time.
The complete capabilities of this WhatsApp virus are not yet known. What is known so far is that this malware specifically targets Android devices, but variants may exist that target other operating systems.
WhatsApp is a popular instant messaging service, and hackers use it to distribute different types of malware such as viruses, ransomware, spyware, trojans, etc., disguised as typical, harmless files. It is the user who must take adequate precautions. Attachments or links from unknown or suspicious sources must not be opened. In this case, the file names looked informative and harmless, and would have fooled many. This demonstrates the necessity of security software to ensure Android Security for Android devices and Mobile Security in general.
Earlier, it was suspected that Russian hacking groups, possibly state-sponsored, had infected the mobile devices of military personnel in Ukraine. This malware provided critical information about the movement and position of Ukrainian artillery, which helped the Russian military to attack these artillery units. Defense personnel should be wary of such possible malware attacks.
Mobile (smartphone) users use their devices to store plenty of personal information and also perform banking transactions. It is hence important that they protect their mobile device with a robust antivirus (endpoint security) and secure device management solution. This is all the more important for defense and security personnel.