It seems that the victims of this spyware are selected specifically by the hackers, because once installed, the application hosting the spyware asks for an activation key, which unlocks both the VPN functionality and the spying functionality of the spyware. ‘user.
The main aim of the spyware is to extract sensitive data such as contacts, SMS messages, call logs, device location, recorded phone calls, list of installed apps, phone information, etc. the device used as well as the registered accounts.
It is also capable of exfiltrating chat messages exchanged through popular messaging apps, including Signal, Viber, WhatsApp, Telegram, and Facebook Messenger. Like other malware before it, it exploits vulnerabilities in Android’s accessibility services to act as a keylogger.