In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- Greece: Report claims illegal surveillance software was used to spy on politicians, journalists and businessmen
November 5, 2022
Greece has been rocked by a ‘wiretapping’ scandal as a bombshell report claimed Prime Minister Kyriakos Mitsotakis ‘used state intelligence to spy on dozens of people including potential political rivals, journalists and businessmen’. Documento reported that the list of targets included former premier Antonis Samaras, current members of the cabinet and shipping magnate Vangelis Marinakis, owner ...
- Russian spies ‘hacked Liz Truss’s phone and stole sensitive messages’
October 29, 2022
Liz Truss had her phone hacked by Kremlin spies while she was working as foreign secretary, according to a report. The former prime minister’s personal messages with former chancellor Kwasi Kwarteng were raided, as well as sensitive details of international negotiations, it is claimed. Security services discovered the major security breach during the summer Tory leadership election, ...
- Cranefly: Threat Actor Uses Previously Unseen Techniques and Tools in Stealthy Campaign
October 28, 2022
Symantec, by Broadcom Software, has discovered a previously undocumented dropper that is being used to install a new backdoor and other tools using the novel technique of reading commands from seemingly innocuous Internet Information Services (IIS) logs. The dropper (Trojan.Geppei) is being used by an actor Symantec calls Cranefly (aka UNC3524), to install another piece of ...
- Germany stands down cyber boss over Russian ties
October 19, 2022
Germany’s government has stood down the president of its Federal Office for Information Security, Arne Schönbohm, over his links to Russia. Schönbohm’s woes erupted last week when late-night chat show ZDF Magazine Royale branded him a “Cyberclown” in a Twitter thread that detailed some of the wurst moments of his career: Among the matters raised in the ...
- Budworm: Espionage Group Returns to Targeting U.S. Organizations
October 13, 2022
The Budworm espionage group has mounted attacks over the past six months against a number of strategically significant targets, including the government of a Middle Eastern country, a multinational electronics manufacturer, and a U.S. state legislature. The latter attack is the first time in a number of years Symantec has seen Budworm targeting a U.S-based ...
- How Wi-Fi spy drones snooped on financial firm
October 12, 2022
Modified off-the-shelf drones have been found carrying wireless network-intrusion kit in a very unlikely place. The idea of using consumer-oriented drones for hacking has been explored over the past decade at security conferences like Black Hat 2016, in both the US and in Europe. Naomi Wu, a DIY tech enthusiast, demonstrated a related project called Screaming ...