ESET Discovers Kamran Spyware Targeting Hunza News Readers

Researchers at ESET have discovered a new type of mobile spyware called Kamran, targeting Urdu-speaking residents of the Gilgit-Baltistan region. The Android malware was found on the Hunza News website and was only available for download in the Urdu version of the site, while the English version did not offer this option.

Kamran spyware activates after downloading from the website and installing, requesting users’ permission to access personal data. If the user grants these permissions, the malware begins collecting information, including contacts, calendar events, call logs, location data, device files, text messages, images, and more.

The study found that at least 20 mobile devices were compromised as part of an ongoing malicious campaign. The malware was distributed from January to March 2023, coinciding with the time of mass protests in Gilgit-Baltistan. The region, known for its mountainous terrain and popular with international tourists, has become a focus of attention due to its strategic location and protest activities.

The malicious software, which was not found in the Google Play Store, requires users to enable the installation of apps from unknown sources. Researchers reached out to the owners of the Hunza News website for comment but did not receive a response before publishing their study.

The ESET team concluded that Kamran is a unique piece of software, unlike other known spyware programs, and emphasized the importance of downloading apps only from official and verified sources.