In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- FBI launches investigation into Pegasus spyware vendor over US citizen hacks
January 31, 2020
The US Federal Bureau of Investigation (FBI) has launched an investigation into NSO Group based on suspicions that US residents and companies may have been compromised for intelligence-gathering purposes. According to the Reuters news agency, investigators began examining NSO in 2017 during an inquiry into whether US hackers had provided the code necessary for the company to ...
- Jeff Bezos hack: Amazon boss’s phone ‘hacked by Saudi crown prince’
January 22, 2020
The Amazon billionaire Jeff Bezos had his mobile phone “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of Saudi Arabia, sources have told the Guardian. The encrypted message from the number used by Mohammed bin Salman is believed to have included a malicious file that infiltrated ...
- US Cyber Command was not prepared to handle the amount of data it hacked from ISIS
January 21, 2020
Documents obtained through FOIA (Freedom of Information Act) requests and made public today reveal that while successful, the US Cyber Command’s campaign to hack ISIS faced some issues, such as lacking the storage space to store all the information stolen from ISIS accounts. The six heavily-redacted documents published today by the National Security Archive at the ...
- Mitsubishi Electric discloses security breach, China is main suspect
January 20, 2020
In a short statement published today on its website, Mitsubishi Electric, one of the world’s largest electronics and electrical equipment manufacturing firms, disclosed a major security breach. Although the breach occurred last year, on June 28, and an official internal investigation began in September, the Tokyo-based corporation disclosed the security incident today, only after two local newspapers, the Asahi ...
- New JhoneRAT Malware Targets Middle East
January 17, 2020
Researchers are warning of a new remote access trojan (RAT), dubbed JhoneRAT, which is being distributed as part of an active campaign, ongoing since November 2019, that targets victims in the Middle East. Once downloaded, the RAT gathers information on the victims’ computers and is also able to download additional payloads. Evidence shows that the attackers behind JhoneRAT ...
- Operation AppleJeus Sequel
January 10, 2020
The Lazarus group is currently one of the most active and prolific APT actors. In 2018, Kaspersky published a report on one of their campaigns, named Operation AppleJeus. Notably, this operation marked the first time Lazarus had targeted macOS users, with the group inventing a fake company in order to deliver their manipulated application and exploit ...