In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky's analysis indicates that the malware has been active since July 2021.
LianSpy can capture screencasts, exfiltrate user files, and harvest call logs and app lists. The threat actor behind it employs multiple evasion tactics, such as using a Russian cloud service, Yandex Disk, for C2 communications. They also avoid dedicated infrastructure and use a number of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Source: Kaspersky

