Fake Bahrain Government Android App Steals Personal Data Used for Financial Fraud

**Executive summary:** McAfee Mobile Research identified an Android InfoStealer campaign targeting users in Bahrain by impersonating the Labour Market Regulatory Authority and various financial/loan apps to collect CPR numbers, phone numbers, personal data and SMS; distribution occurs via fake Facebook pages and SMS phishing and the malware uses Firebase Firestore for dynamic phishing URL loading. The report provides multiple IOCs (SHA256 hashes, package names, malicious domains and Firebase endpoints) and notes roughly 62 observed victims at the time of writing.