The GnatSpy hacking tool is believed to be a piece of malware created by the infamous Two-Tailed Scorpion APT (Advanced Persistent Threat) and designed to target Android devices. This hacking group is believed to be located in the Middle East and has been reported to target mainly government bodies and officials in Israel and Palestine. Some believe that the Two-Tailed Scorpion group is working alongside the terrorist group Hamas to further their interests in the area. When the GnatSpy Trojan was dissected, it became clear that this threat is very similar to another hacking tool used by the Two-Tailed Scorpion group, the VAMP Trojan. It appears that the GnatSpy project may be an upgraded version of the VAMP Trojan.
The GnatSpy Trojan is being propagated via fraudulent applications, which are often hosted on third-party Web pages and may be spread via social media. Like any application, harmful or harmless, the GnatSpy Trojan requests access to multiple features of the device once the user installs it. Since this happens nearly every time a new app is installed, the user may not notice anything suspicious about the fake app's behavior.
New Features and Capabilities for Spying
While VAMP's structure was fairly basic, the GnatSpy variant appears to have been fully reworked. It now has a modular structure that enables its operators to add and remove features seamlessly according to their needs. The Two-Tailed Scorpion hacking group has also further obfuscated the code of the GnatSpy Trojan to make it even more difficult for cybersecurity applications to spot its malicious activities.
Once the GnatSpy Trojan is active on a device, it will get in touch with the C&C (Command & Control) server of the attackers. This Trojan is capable of collecting a wide variety of data such as:
- Audio call recordings.
- Photos and videos.
- SIM card status.
- Calendar entries.
- Contact list.
- Battery usage.
- Storage usage.
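As an added illustration (not code from this article or from any analysis of GnatSpy), the Python sketch below shows how a defender could triage an app's decoded AndroidManifest.xml by checking how many of the data categories listed above its requested permissions would unlock. The category-to-permission mapping, the review threshold of three categories and the sample package names are assumptions made for this example; the article does not state which permissions GnatSpy requests, and a flag is a prompt for manual review, not a verdict.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping (not from the article): each data category the article lists
# paired with the standard Android permissions that gate access to it.
# Battery and storage usage are typically readable without a runtime
# permission, so they cannot be detected this way and are omitted.
CATEGORY_PERMISSIONS = {
    "audio call recordings": {"android.permission.RECORD_AUDIO"},
    "photos and videos": {"android.permission.READ_EXTERNAL_STORAGE",
                          "android.permission.READ_MEDIA_IMAGES",
                          "android.permission.READ_MEDIA_VIDEO"},
    "SIM card status": {"android.permission.READ_PHONE_STATE"},
    "calendar entries": {"android.permission.READ_CALENDAR"},
    "contact list": {"android.permission.READ_CONTACTS"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def audit(manifest_xml, threshold=3):
    """Flag a manifest for manual review when it covers >= threshold categories."""
    perms = requested_permissions(manifest_xml)
    hits = {cat: sorted(perms & wanted)
            for cat, wanted in CATEGORY_PERMISSIONS.items() if perms & wanted}
    return {"categories": hits, "flag": len(hits) >= threshold}

def _manifest(package, perms):
    """Build a constructed sample manifest for the demo below."""
    body = "".join(f'<uses-permission android:name="android.permission.{p}"/>' for p in perms)
    return (f'<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="{package}">{body}<application/></manifest>')

# Constructed samples: hypothetical package names, not real applications.
SAMPLE_TORCH = _manifest("com.example.torch", ["CAMERA", "INTERNET"])
SAMPLE_CHAT = _manifest("com.example.fakechat", ["INTERNET", "RECORD_AUDIO",
    "READ_CONTACTS", "READ_CALENDAR", "READ_PHONE_STATE", "READ_EXTERNAL_STORAGE"])

if __name__ == "__main__":
    for name, xml in (("torch", SAMPLE_TORCH), ("fakechat", SAMPLE_CHAT)):
        result = audit(xml)
        print(name, "REVIEW" if result["flag"] else "ok", sorted(result["categories"]))
```

Legitimate messaging or backup apps can request the same combination, so the result is most useful when compared against what the app claims to do.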
GnatSpy is a fairly new project of the Two-Tailed Scorpion APT, and it is likely that they will employ it in many more campaigns in the future, as it is an improved version of their previous tool, the VAMP Trojan. Users need to take their cybersecurity more seriously and avoid downloading applications from unknown sources and shady Web sites. It is also important to have a legitimate anti-malware tool on your Android device, which will keep you safe from threats like the GnatSpy Trojan.