A group called BladeHawk is behind the campaign that has been active since at least March 2020, researchers say. The campaign disguises the 888 RAT in Android apps using dedicated Facebook profiles. Each of these profiles contained fake app descriptions and links to download an app, according to the report. The profiles have been reported to Facebook and since been disabled, the researchers said. In one instance, the campaign spread the SpyNote trojan, an older commercial spy tool that has a history of masquerading as legitimate apps, including Netflix.”]
Source: https://threatpost.com/bladehawk-attackers-kurds-android/169300/