In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- Earth Kitsune delivers new WhiskerSpy backdoor via watering hole attack
February 17, 2023
Trend Micro researchers discovered a new backdoor which Trend Micro have attributed to the advanced persistent threat actor known as Earth Kitsune, which they have covered before. Since 2019, Earth Kitsune has been distributing variants of self-developed backdoors to targets, primarily individuals who are interested in North Korea. In many of the cases, Trend Micro have ...
- Fog of war: how the Ukraine conflict transformed the cyber threat landscape
February 16, 2023
Nearly one year ago, Russia invaded Ukraine, and we continue to see cyber operations play a prominent role in the war. To provide more insights into the role of cyber, today, we are releasing our report Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape based on analysis from Google’s Threat Analysis ...
- Invitation to a secret event: Uncovering Earth Yako’s campaigns
February 16, 2023
In 2021, Trend Micro researchers observed several targeted attacks against researchers of academic organizations and think tanks in Japan. Trend Micro have since been tracking this series of attacks and identified the new intrusion set we have named “Earth Yako”. Their research points the attribution to the known campaign “Operation RestyLink” or “Enelink”. Upon investigating several ...
- SNP MP Stewart McDonald’s emails hacked by Russian group
February 8, 2023
An MP has told the BBC his emails have been stolen and he fears they will be made public. The SNP’s Stewart McDonald said the hack took place in January and he wanted to pre-empt any publication sharing them. Read more… Source: BBC News
- Graphiron: New Russian information stealing malware deployed against Ukraine
February 8, 2023
The Nodaria espionage group (aka UAC-0056) is using a new piece of information stealing malware against targets in Ukraine. The malware (Infostealer.Graphiron) is written in Go and is designed to harvest a wide range of information from the infected computer, including system information, credentials, screenshots, and files. The earliest evidence of Graphiron dates from October 2022. ...
- New APT34 Malware Targets The Middle East
February 2, 2023
On December 2022, Trend Micro researchers identified a suspicious executable (detected by Trend Micro as Trojan.MSIL.REDCAP.AD) that was dropped and executed on multiple machines. The investigation led them to link this attack to advanced persistent threat (APT) group APT34, and the main goal is to steal users’ credentials. Even in case of a password reset ...