VERY IMPORTANT

The DONOT APT group, serving Indian national interests, has deployed Android malware named 'Tanzeem' for intelligence gathering against internal threats. The malware, disguised as a chat application, exploits OneSignal, a customer engagement platform, for malicious purposes. It requests dangerous permissions to access call logs, contacts, storage, SMS, location, and account information. The malware communicates with command-and-control servers and uses push notifications to encourage installation of additional Android malware, enhancing persistence. The group's evolving tactics indicate ongoing efforts in strategic intelligence collection across South Asia, targeting various organizations to assist India's interests.