The Donot APT group (APT-C-35) is an Advanced Persistent Threat (APT) actor that targets government bodies and other organizations. The group has previously attacked countries in Asia, including China, Pakistan, and other South Asian states. It develops its malicious tooling in several languages, including C++, Python, and .NET.
The group uses malicious Android APKs in its attacks and delivers malware through spear-phishing emails whose attachments carry exploit documents or malicious macros. The Android applications masquerade as legitimate software, most often mobile games, news apps, system tools, and other fake apps; samples of these applications have been identified on VirusTotal. Once installed, the apps run their trojan functionality in the background, giving the remote attackers control of the victim's device and the ability to steal credentials and confidential information.