In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
The spyware can capture screencasts, exfiltrate user files, and harvest call logs and app lists. The threat actor behind LianSpy uses multiple evasion tactics, such as relying on a Russian cloud service, Yandex Disk, for C2 communications. They also avoid dedicated infrastructure and use a number of other features to keep the spyware undetected. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Source: Kaspersky

