Installation of Tanzeem or Tanzeem Update triggers a bogus chat page containing a “Start Chat” button, which when clicked would lure targets into permitting accessibility permissions as the app seeks permissions enabling contact, call log, location, account information, and external storage file exfiltration activities, according to an analysis from Cyfirma.
Solana private key exfiltration facilitated by illicit npm packages
