Hi guys,

ESET researchers have identified an active espionage campaign attributed to the StrongPity APT (Advanced Persistent Threat) group. The campaign has been active since November 2021 and is distributing a malicious app through a website impersonating www.shagle.com, a video chat service that provides encrypted communications for strangers.

Unlike www.shagle.com, an entirely web-based service with no downloadable app, the impostor website prompts the user to download a malware-laden application. The malware-laden app is an implementation of the open-source Telegram app, which has been re-packaged with a back door code.

Once installed on a device, the Strongpity malware can extract the following:

  • Device location
  • Recording phone calls,
  • Collecting SMS messages,
  • Call logs,
  • Contact lists

Also, if the victim grants the malicious StrongPity app accessibility services during the installation, it will also be able to spy on the following instant messaging and social media applications:

  • Facebook Messenger
  • Facebook Messenger Lite
  • Viber – Safe Chats And Calls
  • Skype
  • LINE: Calls & Messages
  • Kik — Messaging & Chat App
  • Tango-live stream & video chat
  • Hangouts
  • Telegram
  • WeChat
  • Snapchat
  • Tinder
  • Hike News & Content
  • Instagram
  • Twitter
  • Gmail
  • Imo-International Calls & Chat

How do you stay safe?

  • If you are a user of the Shagle service, only use it on www.shagle.com and never on any other websites.
  • Remember that Shagle does not offer an app to download. It is entirely web-based.
  • Use the Incognito website checker to check if the website is safe before visiting it. We are tracking most websites in the world, and we know if they’re safer or not. Please use this invaluable resource to keep you safe.

Thanks, and sending you all the best.

Max Roberts,
Incognito Privacy Care Team