In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky's analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure and use a number of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Source: Kaspersky

