Since, at least, July 2021, a malicious Android installation program has been found targeting Indian defence personnel.
The information comes from an external threat landscape management platform Cyfirma report, which the company shared with Infosecurity. Further investigation by the firm found that the threat actors behind the tool were utilising a Spymax RAT variant, which is a remote access trojan.
The research team stated that, based on the data reviewed, they could not tie the present attack to a specific nation-state threat actor group.