Malicious Kik App Spread via Facebook Messenger

Avast researchers discovered a malware distribution campaign linked to Lebanon that uses fraudulent Facebook profiles and the Facebook Messenger app to distribute a malicious version of Kik Messenger to unsuspecting Android users. This malicious application, dubbed Tempting Cedar Spyware, is designed to steal victims’ contacts, call logs, SMS messages, and photos, along with device information such as geolocation. It can also use the infected device’s microphone to record audio and transmit it back to the attackers. Avast noted that the fraudulent Facebook profiles used pictures of young, attractive women to lure targeted male victims into an online conversation. Eventually, the attackers behind the profiles would ask victims to move the conversation to the Kik messaging platform, sending them a link to a website that hosted the malicious Android APK file. Once installed, the malware would connect to a command-and-control (C2) server and allow the attackers to take control of the device.

The NJCCIC recommends that Android device users who may have been impacted by this campaign review Avast’s report to determine whether their device was infected by Tempting Cedar Spyware. Additionally, we recommend that Android users run a reputable antivirus application on all devices, avoid downloading apps that require excessive device permissions, and refrain from downloading any apps from third parties or unofficial app stores.