Зарегистрируйтесь сейчас для лучшей персонализированной цитаты!

A stalker's wishlist: PhoneSpy malware destroys Android privacy

10 ноября 2021 г Hi-network.com

A new spying campaign involving PhoneSpy malware has infected thousands of victim devices to date. 

Security

  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

On Wednesday, Zimperium zLabs published a new report on PhoneSpy, spyware developed to infiltrate handsets operating on Google's Android OS. 

To date, 23 malicious apps harboring the spyware have been found, but none of the samples were discovered in the official Google Play Store -- suggesting that PhoneSpy is being distributed via third-party platforms. 

Also:How to find and remove spyware from your phone

The latest PhoneSpy campaign appears to be focused on South Korea, with the malware bundled into seemingly-benign mobile apps including messaging, yoga instruction, photo collection and browsing utilities, and TV/video streaming software. 

zLabs suspects that the initial infection vector is a common one: the use of phishing links posted to websites or social media channels. 

Once a victim installs and executes the app's APK file, PhoneSpy is deployed. PhoneSpy targets Korean-speakers and will throw up a phishing page, pretending to be from a popular service -- such as the Kakao Talk messaging app -- in order to request permissions and to steal credentials. 

When you think of spyware right now, it may be that Pegasus comes to mind -- a silent, pernicious form of malware that has been used to spy on high-profile lawyers, activists, government figures, and journalists. 

While PhoneSpy appears to be more run-of-the-mill, the malware's capabilities, too, cannot be dismissed out of hand. The malware is described as an "advanced" Remote Access Trojan (RAT) capable of quietly conducting surveillance on a victim and sending data to a command-and-control (C2) server. 

PhoneSpy's functionality includes monitoring a victim's location via GPS; recording audio, images, and video in real-time by hijacking mobile microphones and both front and rear cameras; intercepting and stealing SMS messages, call forwarding, call log and contact list theft, sending messages on behalf of the malware's operator, and exfiltrating device information. 

In addition, PhoneSpy has been developed with obfuscation and concealment features and will hide its icon to stay undetected -- a common tactic employed by spyware and stalkerware. The malware may also attempt to uninstall user apps, including mobile security software.

zLabs believes that the campaign has been used to gather "significant amounts of personal and corporate information [from] victims, including private communications and photos."

The campaign is still ongoing. US and Korean authorities have been informed. 

"The victims were broadcasting their private information to the malicious actors with zero indication that something was amiss," the researchers say. "Even though thousands of South Korean victims have fallen prey to the spyware campaign, it is unclear whether they have any connections with each other. But with the ability to download contact lists and send SMS messages on behalf of the victim, there is a high chance that the malicious actors are targeting connections of current victims with phishing links."

Previous and related coverage

  • With one update, this malicious Android app hijacked millions of devices
  • How to find and remove spyware from your phone
  • This new Android malware gets full control of your phone to steal passwords and info

Have a tip?Get in touch securely via WhatsApp Signal at +447713 025 499, or over at Keybase: charlie0


Recommends

The 5 best VPN services (and tips to choose the right one for you)The best AI art generators: DALL-E 2 and other fun alternatives to tryThe best Android phones you can buy (including a surprise pick)The best robot vacuum and mop combos (and if they're worth the money)
  • The 5 best VPN services (and tips to choose the right one for you)
  • The best AI art generators: DALL-E 2 and other fun alternatives to try
  • The best Android phones you can buy (including a surprise pick)
  • The best robot vacuum and mop combos (and if they're worth the money)

tag-icon Горячие метки: Технологии и оборудование Безопасность и охрана

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.