Cybersecurity company Kaspersky reported on Friday that members of the Baháʼí religious community were being targeted by the Android espionage campaign SandStrike, in which a VPN application with spyware was shared with victims.
Calling the spyware “highly sophisticated,” Kaspersky reported that the hackers started Facebook and Instagram accounts with over 1,000 followers and shared religious content to attract more followers of the Baháʼí faith.
On an associated Telegram channel, the SandStrike perpetrator shared a VPN application that contained fully functioning spyware. Through this, the attacker would have been able to exploit data such as the users’ call logs and contact lists.
Followers of the Baháʼí faith are targeted and persecuted in several countries, as many orthodox leaders and regimes believe the religion violates the principles of Islam.
“In this channel, the actor behind SandStrike distributed a seemingly harmless VPN application to access sites banned in certain regions, for example, religious-related materials. To make this application fully functional, adversaries also set up their own VPN infrastructure,” said Kaspersky’s report.
The spyware-loaded VPN would have let the attacker further track the users to learn more about their lives.
The Baháʼí faith originated in Iran in the 19th century and has millions of followers worldwide.