A new Android malware family, HenBox, is targeting devices made by China-based mobile manufacturer Xiaomi and devices that run MIUI, an operating system based on Google's Android and developed by Xiaomi. The malware is distributed in the guise of different types of legitimate Android apps, such as Virtual Private Network (VPN) apps or other Android system-related apps. Users believe they are installing authentic Android apps, but in reality the HenBox malware is being downloaded.
According to a Palo Alto blog post of March 13, HenBox was spotted masquerading as a variety of legitimate Android apps, such as VPN and Android system apps, and appears to primarily target the Uyghurs – a minority Turkic ethnic group that is primarily Muslim.
According to Palo Alto researchers, some of the malware appeared to contain information that would appeal to Uyghurs with an interest in or association with terrorist groups, based on the very specific third-party app store in which the malware was spotted.
About HenBox Malware
HenBox is capable of gathering outgoing phone numbers that contain the prefix “86”. The malware can access the microphone and camera of a device, and it attempts to steal private data and device information from sources on the device such as social media and mainstream chat apps. It also installs authentic versions of apps to deceive users into believing that they have downloaded legitimate apps.
According to a HackRead blog post, HenBox is linked to the malicious DroidVPN app, and researchers observed that over half of the malware-laden apps contain embedded APK objects, which are not usually part of authentic apps.
- Apps must be updated in a timely manner, and app permissions should be reviewed to check the capabilities of each app.
- Do not download apps from third-party app stores.
- Avoid installing pirated or infected versions of apps.
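The embedded APK objects mentioned above can be checked for during app vetting. The following is an added example, not code from the researchers or from the original post: it opens an APK as a ZIP archive and reports any entry that is itself an APK, judged by content rather than file name. The function names, the size limit and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Entries that mark a ZIP archive as an Android package.
APK_MARKERS = {"AndroidManifest.xml", "classes.dex"}


def looks_like_apk(data):
    """True if data is a ZIP archive containing the core APK entries."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return APK_MARKERS.issubset(zf.namelist())


def find_embedded_apks(apk_bytes, max_size=64 * 1024 * 1024):
    """Return the names of entries inside an APK that are themselves APKs.

    Detection is by content, not by file extension, so a package stored
    under a name such as assets/data.bin is still reported.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as outer:
        for info in outer.infolist():
            # Skip directories and oversized entries (decompression guard).
            if info.is_dir() or info.file_size > max_size:
                continue
            if looks_like_apk(outer.read(info)):
                hits.append(info.filename)
    return hits


def build_zip(entries):
    """Build an in-memory ZIP archive for the constructed samples below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: placeholder bytes, not real app content.
BASE = {"AndroidManifest.xml": b"<manifest/>", "classes.dex": b"dex\n035\x00"}
INNER_APK = build_zip(BASE)
CLEAN_APP = build_zip({**BASE, "res/raw/notes.txt": b"hello"})
SUSPECT_APP = build_zip({**BASE, "assets/data.bin": INNER_APK})

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_APP), ("suspect", SUSPECT_APP)):
        print(label, find_embedded_apks(sample))
```

A hit is a triage signal that the package deserves closer inspection, not proof that it is malicious.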