Sidewinder Hacks Nepal Protesters With Fake Apps

A wave of political unrest in Nepal during September 2025 triggered a calculated cyber campaign from the Sidewinder APT group, researchers say. As anti-government protests gained momentum, Sidewinder hackers targeted Nepal protesters by disguising malware as emergency service tools for both Android and Windows platforms.

The attackers used phishing sites mimicking Nepalese authorities to trick users into downloading fake emergency apps. On mobile devices, victims installed an APK named Gen_Ashok_Sigdel_Live.apk, believing it offered live updates. Windows users were lured by a cloned helpline portal distributing EmergencyApp.exe. Both versions gained access to sensitive files, microphones and cameras. To increase credibility and evade scrutiny, the Sidewinder operators embedded decoy content from trusted news outlets in the malware.

The malware filtered documents and images, then uploaded them via HTTP POST to a command-and-control server. Analysts advise monitoring suspicious APKs, registry changes and traffic to playservicess.com.
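As an added example (not taken from the report), the following sketch applies the monitoring advice above to web proxy logs, flagging contact with playservicess.com and downloads of the two lure files named in the article. The log format, client addresses and all hosts other than playservicess.com are constructed for illustration.

```python
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

# Indicators named in the article.
C2_DOMAIN = "playservicess.com"
LURE_FILES = {"gen_ashok_sigdel_live.apk", "emergencyapp.exe"}

# Constructed sample proxy log: "<time> <client> <method> <url> <status>".
# Format, clients, paths and the look-alike hosts are assumptions.
SAMPLE_LOG = """\
2025-09-12T08:01:11Z 10.0.0.21 GET http://portal.example/downloads/Gen_Ashok_Sigdel_Live.apk 200
2025-09-12T08:03:40Z 10.0.0.21 POST http://api.PlayServicess.com./upload 200
2025-09-12T08:04:02Z 10.0.0.35 GET https://notplayservicess.com/index.html 200
2025-09-12T08:05:17Z 10.0.0.35 GET https://playservicess.com.example.org/a 200
2025-09-12T08:06:30Z 10.0.0.44 GET http://helpline.example/EmergencyApp.exe?src=sms 200
2025-09-12T08:07:55Z 10.0.0.44 GET http://playservicess.com:8080/ping 204
"""

def host_matches(host, domain=C2_DOMAIN):
    """True for the domain or any subdomain, never for look-alike substrings."""
    host = (host or "").lower().rstrip(".")  # normalise case and trailing dot
    return host == domain or host.endswith("." + domain)

def classify(line):
    """Return (client, reason) for a suspicious log line, or None."""
    parts = line.split()
    if len(parts) != 5:
        return None  # skip malformed lines rather than guessing
    _, client, method, url, _ = parts
    u = urlsplit(url)
    if host_matches(u.hostname):  # .hostname drops any port
        # The article describes exfiltration via HTTP POST, so rank it higher.
        return client, ("c2-upload" if method == "POST" else "c2-contact")
    if PurePosixPath(unquote(u.path)).name.lower() in LURE_FILES:
        return client, "lure-download"
    return None

def scan(log_text):
    """Return every (client, reason) hit in log order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOG):
        print(client, reason)
```

Matching on the parsed hostname with a dot boundary avoids false hits on unrelated hosts that merely contain the string, which a plain substring search would flag.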

Read the full report at https://cybersecuritynews.com/sidewinder-apt-hackers-leverage-nepal-protests/
