KATHMANDU: According to Kaspersky research, hackers with suspected links to the Vietnamese government have been using the Google Play Store to distribute malicious software in various countries including  Nepal for the last four years.

Kaspersky stated that the targeted Android campaign ‘PhantomLanc’ affected roughly 300 devices in nearly a dozen countries including Nepal, Vietnam, India, Bangladesh, Indonesia, Iran, Algeria, South Africa, Myanmar, and Malaysia.

Researchers say with “medium confidence” the espionage campaign is connected to a known hacking group, OceanLotus or APT32, previously linked to the Vietnamese government.

While attackers are targeting users in several countries, they appear to be especially focused on users in Vietnam.

The effort suggests hackers are running domestic as well as foreign espionage operations, according to Kaspersky.

They have been distributing their campaign through applications which promise to help users locate the nearest pub in Vietnam, or providing information on nearby churches.

In addition to sharing APT32’s interest in victims located in Vietnam, the PhantomLance campaign’s malware, code structure, and payloads overlap with known APT32 tools, Kaspersky Security Researcher Alexey Firsh said in a blog post.

It’s the latest example of apparent state-backed hackers and scammers abusing the Google Play Store to trick users into downloading malicious applications. Suspected Iranian-backed and Russian-backed groups also have taken advantage of the platform to distribute malware in previous years.

Google has taken steps in the last several months to improve its approach to rooting out bad actors on its store, most recently announcing a partnership with mobile security vendors.

The company did not immediately return a request for comment.

Kaspersky’s findings build on an earlier set of malware that Dr. Web, a Russian firm, exposed on the Google Play Store last year.

(with inputs from Agencies)