In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit
March 3, 2026
Google Threat Intelligence Group (GTIG) has identified a new and powerful exploit kit targeting Apple iPhone models running iOS version 13.0 (released in September 2019) up to version 17.2.1 (released in December 2023). The exploit kit, named “Coruna” by its developers, contained five full iOS exploit chains and a total of 23 exploits. The core technical ...
- Hacked traffic cams and hijacked TVs: How cyber operations supported the war against Iran
March 3, 2026
On Saturday, U.S. and Israeli jets began a bombing campaign against Iran, killing its supreme leader Ali Khamenei and several senior government officials. The attacks also hit military and civilian targets all across the country, including a girls’ school, where at least 168 children and adults were killed. After a few days of conflict, multiple reports, ...
- Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign
February 25, 2026
Last week, Google Threat Intelligence Group (GTIG), Mandiant, and partners took action to disrupt a global espionage campaign targeting telecommunications and government organizations in dozens of nations across four continents. The threat actor, UNC2814, is a suspected People’s Republic of China (PRC)-nexus cyber espionage group that GTIG has tracked since 2017. This prolific, elusive actor has ...
- Predator spyware allows full sensor surveillance on iPhones
February 24, 2026
Apple may have introduced colored status bar indicators in iOS 14 to alert users when the camera or microphone is active, but experts have warned this does not stop all malware. Spyware developed by Intellexa and Cytrox, dubbed Predator, can operate on compromised iOS devices without showing any camera or microphone indicators. Predator bypasses the indicator ...
- Russian hackers target European firms with new spear-phishing cyberattacks
February 24, 2026
APT28, the infamous Russian state-sponsored hacking group also known as Fancy Bear, or Sofacy, has been observed targeting “specific entities” in Western and Central Europe with infostealers. In a newly released report, security researchers Lab52 from S2 Grupo detailed “Operation MacroMaze”, which has been ongoing since at least late September 2025 through January 2026. The campaign ...
- Chinese hack exposes data of 5,000 Italian counterterrorism officers
February 18, 2026
Personal data of roughly 5,000 Italian Digos officers — including names, roles and postings — was reportedly obtained by hackers linked to China after a cyber intrusion into the Interior Ministry’s network between 2024 and 2025. The breach potentially exposes officers involved in counterterrorism and monitoring Chinese dissidents, raising serious national security concerns and complicating Italy’s ...