In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- Mobile Malware and APT Espionage: Prolific, Pervasive, and Cross-Platform
October 23, 2019
Until now, the public’s exposure to mobile phone malware has been dominated by news about the privately run “greyware” vendors who have made headlines for being purveyors of spyware tools. These commercial smartphone spyware tools reportedly end up in the hands of autocrats who use it to hamper free speech, quash dissent, or worse. Consumers ...
- Russian APT Turla targets 35 countries on the back of Iranian infrastructure
October 21, 2019
Dozens of countries have become embroiled in a state-backed spat between Russian and Iranian hacking groups, security agencies have warned. On Monday, the UK’s National Cyber Security Centre (NCSC), together with the US National Security Agency (NSA), published an advisory warning that military establishments, government departments, scientific organizations, and universities are among victims of an ongoing hacking campaign ...
- Researchers find stealthy MSSQL server backdoor developed by Chinese cyberspies
October 21, 2019
Chinese cyberspies have developed malware that alters Microsoft SQL Server (MSSQL) databases and creates a backdoor mechanism that can let hackers connect to any account by using a “magic password.” Furthermore, as an added benefit, the backdoor also hides user sessions inside the database’s connection logs every time the “magic password” is used, helping hackers remain ...
- Equipping the Education Sector With Threat Intelligence to Defend Against Cyberattacks
October 17, 2019
When you think about sophisticated cyberattacks, certain targeted industries probably come to mind immediately — government, critical infrastructure, and financial services, to name a few. It’s fair to say that for most people, the education sector isn’t generally first on that list. Despite this, educational institutions (particularly those in higher education) have become an increasingly popular ...
- New espionage malware found targeting Russian-speaking users in Eastern Europe
October 10, 2019
Security researchers have discovered an advanced malware strain that’s been deployed to spy on diplomats and Russian-speaking users in Eastern Europe. The malware, named Attor, has been used in attacks since 2013 but was only discovered last year, according to an ESET report published today. ESET said the malware bears the signs of a targeted espionage campaign ...
- Google Warns of Android Zero-Day Bug Under Active Attack
October 4, 2019
Google is warning of an Android zero-day flaw actively being exploited in the wild, which gives an attacker full control over 18 phone models including its flagship Pixel handset and devices made by Samsung, Huawei and Xiaomi. Google’s Project Zero warned late Thursday that it suspected the vulnerability was being exploited by the controversial Israeli-based NSO ...