Cybercriminals use fake apps to steal data and blackmail users across Asia's mobile networks
What: Large-scale mobile malware campaign targets Android and iOS users across Asia with fake dating and social networking apps, stealing personal data and enabling blackmail operations.
Why it is important: The campaign's success in bypassing platform security measures while targeting both Android and iOS users demonstrates an evolution in mobile threats that could severely impact the retail sector's digital transformation efforts.
Security researchers have uncovered a major mobile malware campaign, codenamed SarangTrap, targeting both Android and iOS platforms through deceptive applications. The operation involves over 250 malicious Android apps and more than 80 fraudulent domains masquerading as legitimate dating and social media applications. The malware's sophisticated approach includes using invitation codes to evade detection and requesting extensive device permissions to access sensitive data. On Android devices, the malware captures SMS messages, contact lists, and files, while the iOS variant exploits mobile configuration profiles to harvest contacts and photos. The campaign's operators have demonstrated ongoing development of their tactics, with newer variants focusing on data collection and showing evidence of blackmail attempts against victims. The cross-platform nature of the threat and its use of social engineering highlight the evolving sophistication of mobile malware attacks.
IADS Notes: The emergence of this sophisticated mobile malware campaign in July 2025 represents a critical escalation in retail cybersecurity threats, building on a year of unprecedented incidents. In May 2025, the retail sector witnessed record-level account takeover attacks, with criminals compromising 2.5 million retail accounts through mobile app vulnerabilities. This trend mirrors the current campaign's sophisticated exploitation of fake apps and invitation codes. The impact on customer trust is particularly concerning, as evidenced by April 2025 data showing how major retail data breaches caused customer recommendation rates to plummet from 87% to 73%. The cross-platform nature of these threats was demonstrated by Dior's Chinese database breach in May 2025, while Cartier's June 2025 incident highlighted the regulatory implications of data protection failures. These incidents gain additional significance given that March 2025 saw a single security update failure cause £5.4 billion in losses across Fortune 500 companies, underlining the potential scale of damage from sophisticated mobile malware attacks.