Sidewinder Hackers Weaponize Nepal Protests to Spread Cross-Platform Malware
gbhackers
Sidewinder, a well-known advanced persistent threat (APT) group, has adapted its tactics to exploit the ongoing protests in Nepal, deploying a coordinated campaign of mobile and Windows malware alongside credential phishing.
By masquerading as respected national institutions and figures, the group seeks to harvest sensitive data from users tracking the nation’s political turmoil.
The protests, ignited by a government ban on social media and accusations of corruption, have led to dozens of fatalities and the ousting of key leadership, creating fertile ground for social engineering exploits.
In one campaign strand, Sidewinder operators crafted a phishing lure impersonating the Nepalese Emergency Service.
Victims receive messages purportedly from emergency responders, complete with a convincing email template and a spoofed domain, prompting users to enter their credentials on a fraudulent portal.
Once credentials are submitted, attackers gain access to personal and corporate accounts, which are then leveraged for further ...
Copyright of this story solely belongs to gbhackers.