In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- WikiLeaks’ latest release of CIA cyber tools could blow cover on agency hacking operations
April 1, 2017
WikiLeaks’ latest disclosure of CIA cyber tools reveals a technique used by the agency to hide its digital tracks, potentially blowing the cover on current and past hacking operations aimed at gathering intelligence on terrorists and other foreign targets. The release on Friday of the CIA’s “Marble Framework” comes less than a month after the anti-secrecy ...
- Espionage Group Turla Tweaks Carbon Backdoor Malware with New Variants
March 30, 2017
Russian espionage group Turla has been working on various tools for years, including several new versions of Carbon, a second stage backdoor malware. The discovery was made by researchers from ESET who claim that this malware is still under active development. Since the group is well known for changing its tools once they are exposed, it’s ...
- Germany Fought Off Two Fancy Bear Cyber Attacks in 2016
March 27, 2017
Fears about Russian involvement in European elections, especially after last year’s US election, aren’t exactly unfounded or born out of paranoia. In fact, Germany says it fended off two cyber attacks coming from the same cybercriminals that targeted Hillary Clinton’s campaign. Arne Schoenbohm, a top German official, told Reuters they managed to fight off two attacks ...
- Treason charges against Russian cyber experts linked to seven-year-old accusation
February 26, 2017
Treason charges brought in December against two Russian state security officers and a cyber-security expert in Moscow relate to allegations made by a Russian businessman seven years ago, according to the businessman and a source connected with the investigation. They said the arrests concern allegations that the suspects passed secrets to U.S. firm Verisign and other ...
- Second FSB Agent Arrested for Treason Revealed as Notorious Hacker
January 27, 2017
Major Dmitry Dokuchaev, one of four cyber-security experts arrested by the Kremlin on charges of treason, has allegedly been revealed as an infamous Russian hacker. Dokuchaev worked as a hacker under the alias “Forb” until Russia’s Federal Security Service (FSB) threatened to jail him, an unverified source told the RBC newspaper. “Forb” gave a interview to Russian ...
- Greenbug cyberespionage group targeting Middle East, possible links to Shamoon
January 23, 2017
Symantec is currently investigating reports of yet another new attack in the Middle East involving the destructive disk-wiping malware used by the Shamoon group (W32.Disttrack, W32.Disttrack.B). Similar to previous attacks, the Disttrack malware used by Shamoon is just the destructive payload. It required other means to be deployed on targeted organizations’ networks and is configured ...