The team at CYFIRMA recently obtained suspicious Android apps hosted on the Google Play Store under the account “SecurITY Industry”. Further technical analysis revealed that the app has malware characteristics and belongs to the notorious advanced persistent threat group “DoNot”, which recently targeted individuals in the Kashmir region. In a recent observation, we found that the threat actor is using an Android payload against individuals in the Pakistan region. However, it is still unknown what drives them to conduct cyber strikes in the South Asian region.
