In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- QSC: A multi-plugin framework used by CloudComputating group in cyberespionage campaigns
November 8, 2024
In 2021, Kaspersky researchers began to investigate an attack on the telecom industry in South Asia. During the investigation, they discovered QSC: a multi-plugin malware framework that loads and runs plugins (modules) in memory. The framework includes a Loader, a Core module, a Network module, a Command Shell module and a File Manager module. It ...
- Venture Wolf attempts to disrupt Russian businesses with MetaStealer
November 5, 2024
BI.ZONE Threat Intelligence has discovered a previously unknown cluster whose activity can be traced back to November 2023. Dubbed Venture Wolf, the cluster employs multiple loaders to deliver MetaStealer to the target systems. The threat actor focuses on a range of industries, including manufacturing, construction, IT, and telecommunications. Stealers maintain their position among the most popular ...
- Canada labels India a ‘cyber adversary’ in new security report
November 1, 2024
India has been described as an adversary for the first time in an official Canadian government document. That description came in the National Cyber Threat Assessment 2025-2026 released by the Canadian Centre for Cyber Security, on Tuesday. In its section on cyber threat from “state adversaries”, it includes China, Russia, Iran, North Korea and India. In ...
- New Tradecraft of Iranian Cyber Group Aria Sepehr Ayandehsazan aka Emennet Pasargad
October 30, 2024
The Federal Bureau of Investigation (FBI), U.S. Department of Treasury, and Israel National Cyber Directorate are releasing this Cybersecurity Advisory (CSA) to warn network defenders of new cyber tradecraft of the Iranian cyber group Emennet Pasargad, which has been operating under the company name Aria Sepehr Ayandehsazan (ASA) and is known by the private sector ...
- Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
October 29, 2024
Since October 22, 2024, Microsoft Threat Intelligence has observed Russian threat actor Midnight Blizzard sending a series of highly targeted spear-phishing emails to individuals in government, academia, defense, non-governmental organizations, and other sectors. This activity is ongoing, and Microsoft will continue to investigate and provide updates as available. Based on our investigation of previous Midnight Blizzard ...
- Hackers breach sensitive government and police data in Italy
October 28, 2024
Prosecutors in Milan have uncovered a network of hackers and former law enforcement officials accused of using malware and insider contacts to break into several government databases, including the Interior Ministry. The group allegedly accessed over 800,000 confidential records, even targeting accounts linked to the president’s office. Prosecutors said on Saturday that the operation was allegedly ...