In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- TA422’s Dedicated Exploitation Loop – the Same Week After Week
December 5, 2023
Starting in March 2023, Proofpoint researchers have observed the Russian advanced persistent threat (APT) TA422 readily use patched vulnerabilities to target a variety of organizations in Europe and North America. TA422 overlaps with the aliases APT28, Forest Blizzard, Pawn Storm, Fancy Bear, and BlueDelta, and is attributed by the United States Intelligence Community to the Russian ...
- AeroBlade on the hunt targeting the U.S. Aerospace industry
November 30, 2023
BlackBerry has uncovered a previously unknown threat actor targeting an aerospace organization in the United States, with the apparent goal of conducting commercial and competitive cyber espionage. The BlackBerry Threat Research and Intelligence team is tracking this threat actor as AeroBlade. The actor used spear-phishing as a delivery mechanism: A weaponized document, sent as an email ...
- Hellhounds: Operation Lahat
November 30, 2023
In 2023, Positive Technologies Computer Security Incident Response Team (PT CSIRT) discovered that a certain power company was compromised by the Decoy Dog trojan. According to the PT CSIRT investigation, Decoy Dog has been actively used in cyberattacks on Russian companies and government organizations since at least September 2022. This trojan was previously discussed by NCIRCC, Infoblox, ...
- France bans ministers from WhatsApp, Signal; demands French alternatives
November 30, 2023
French Prime Minister Élisabeth Borne has banned widely used messaging apps WhatsApp, Telegram and Signal for ministers and their teams due to security vulnerabilities, according to a memo obtained by French news outlet Le Point. “These digital tools are not devoid of security flaws, and therefore cannot guarantee the security of conversations and information shared via ...
- Foreign spy conducts cyberattacks against China’s defense, high-tech firm
November 27, 2023
China’s Ministry of State Security (MSS) disclosed a new case on Monday of foreign espionage activities involving the recruitment of a Chinese software developer who provided “technical services.” This spy agency used “poisoned” software to conduct cyberattacks and steal secrets from dozens of China’s defense and high-tech enterprises. Wang, a Chinese engineer in the network technology ...
- Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors
November 21, 2023
Unit 42 researchers recently discovered two separate campaigns targeting job-seeking activities linked to state-sponsored threat actors associated with the Democratic People’s Republic of Korea (DPRK), commonly known as North Korea. The research team call the first campaign “Contagious Interview,” where threat actors pose as employers (often anonymously or with vague identities) to lure software developers into ...