In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- Defence data hack puts cyber security in the spotlight
October 12, 2017
Defence Industry Minister Christopher Pyne has warned firms they face losing government contracts if they do not have strong levels of protection against cyber attacks in place after a massive hack of secret data involving Australia’s new fleet of Joint Strike Fighter aircraft, spy planes and warships. As cyber security experts backed the minister’s call, Mr Pyne deflected ...
- U.S. Believes Russian Spies Used Kaspersky Antivirus to Steal NSA Secrets
October 6, 2017
Do you know—United States Government has banned federal agencies from using Kaspersky antivirus software over spying fear? Though there’s no solid evidence yet available, an article published by WSJ claims that the Russian state-sponsored hackers stole highly classified NSA documents from a contractor in 2015 with the help of a security program made by Russia-based security firm Kaspersky ...
- Spy vs spy vs hacker vs… who is THAT? Everyone’s hacking each other
October 5, 2017
VB2017 Intel agencies and top-tier hackers are actively hacking other hackers in order to steal victim data, borrow tools and techniques, and reuse each other’s infrastructure, attendees at Virus Bulletin Con, Madrid, were told yesterday. The increasing amount of spy-vs-spy type activity is making accurate threat intel increasingly difficult for security researchers, according to Kaspersky Lab. Threat intelligence ...
- FormBook—Cheap Password Stealing Malware Used In Targeted Attacks
October 5, 2017
It seems sophisticated hackers have changed the way they conduct targeted cyber operations—instead of investing in zero-days and developing their malware; some hacking groups have now started using ready-made malware just like script kiddies. Possibly, this could be a smart move for state-sponsored hackers to avoid being attributed easily. Security researchers from multiple security firms, including Arbor Networks and FireEye, ...
- Russian cybersecurity firm Kaspersky Lab a ‘danger’ to US security, senator warns
September 5, 2017
Prominent cybersecurity firm Kaspersky Lab poses a danger to U.S. security, warns Sen. Jeanne Shaheen, D-N.H., who is pushing to prohibit the federal government from using the Moscow-based company’s products. In a New York Times column, Shaheen alleges that the company has “extensive” ties to Russian intelligence, noting that the firm’s founder Eugene Kaspersky graduated from the ...
- Cyberspies Are Using Leaked NSA Hacking Tools to Spy On Hotels Guests
August 11, 2017
An infamous Russian-linked cyber-espionage group has been found re-using the same leaked NSA hacking tool that was deployed in the WannaCry and NotPetya outbreaks—this time to target Wi-Fi networks to spy on hotel guests in several European countries. Security researchers at FireEye have uncovered an ongoing campaign that remotely steals credentials from high-value guests using Wi-Fi networks at European hotels ...