In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- North Korean hackers attack EU targets with Konni RAT malware
July 23, 2022
Threat analysts have uncovered a new campaign attributed to APT37, a North Korean group of hackers, targeting high-value organizations in the Czech Republic, Poland, and other European countries. In this campaign, the hackers use malware known as Konni, a remote access trojan (RAT) capable of establishing persistence and performing privilege escalation on the host. Konni has been ...
- Russian cyber spies targeting NATO countries in new hacking campaign
July 19, 2022
Cyber spies suspected of working for Russia’s foreign intelligence service (SVR) are targeting NATO countries in a recent hacking campaign, according to a new industry report. The hackers are using online storage services such as Google Drive and Dropbox to avoid being detected, said cyber security company Palo Alto. The hacking attempts have included phishing emails containing ...
- Hackers pose as journalists to breach news media org’s networks
July 16, 2022
Researchers following the activities of advanced persistent (APT) threat groups originating from China, North Korea, Iran, and Turkey say that journalists and media organizations have remained a constant target for state-aligned actors. The adversaries are either masquerading or attacking these targets because they have unique access to non-public information that could help expand a cyberespionage operation. Recent ...
- RaHDIt hackers published data of Ukrainian spies
July 6, 2022
RaHDIt hackers have made public the data of one thousand employees of the Main Intelligence Directorate (GUR) of the military department of Ukraine. According to RIA Novosti, problems in protecting the networks of the Central Directorate of the Main Intelligence Directorate on Rybalsky Island in Kyiv helped in the formation of the database. Among the disclosed intelligence ...
- Apple introduces Lockdown Mode to protect iPhones from state-sponsored hacking
July 6, 2022
Apple announced a new feature for iPhones called Lockdown Mode on Wednesday to protect high-profile users such as politicians and activists against state-sponsored hackers. Lockdown Mode turns off several features on the iPhone in order to make it less vulnerable to spyware by significantly reducing the number of features that attackers can access and potentially hack. Specifically, ...
- Spyware vendor targets users in Italy and Kazakhstan
June 23, 2022
Google has been tracking the activities of commercial spyware vendors for years, and taking steps to protect people. Just last week, Google testified at the EU Parliamentary hearing on “Big Tech and Spyware” about the work we have done to monitor and disrupt this thriving industry. Seven of the nine zero-day vulnerabilities our Threat Analysis Group ...