In March 2024, Kaspersky researchers discovered a campaign targeting individuals in Russia with previously unseen Android spyware they dubbed LianSpy. Kaspersky analysis indicates that the malware has been active since July 2021.
This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists. The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.
Read more…
Source: Kaspersky
Related:
- 6 Palestinian rights activists hacked by NSO spyware, report says
November 8, 2021
Security researchers disclosed Monday that spyware from the notorious Israeli hacker-for-hire company NSO Group was detected on the cellphones of six Palestinian human rights activists, half affiliated with groups that Israel’s defense minister controversially claimed were involved in terrorism. The revelation marks the first known instance of Palestinian activists being targeted by the military-grade Pegasus spyware. ...
- Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
November 7, 2021
On Sept. 16, 2021, the US Cybersecurity and Infrastructure Security Agency (CISA) released an alert warning that advanced persistent threat (APT) actors were actively exploiting newly identified vulnerabilities in a self-service password management and single sign-on solution known as ManageEngine ADSelfService Plus. The alert explained that malicious actors were observed deploying a specific webshell and ...
- US sanctions NSO Group, Israeli spyware company at centre of Pegasus Papers
November 3, 2021
The US is sanctioning an Israeli spyware company that it accused of supplying technology to foreign governments “to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers”. NSO Group had been accused of assisting despotic regimes in targeting journalists, political dissidents, and human rights activists in reports earlier this year. The company responded at the ...
- New espionage campaign targets South East Asia
October 20, 2021
An espionage campaign using a previously undocumented toolset has targeted a range of organizations in South East Asia. Among the identified targets are organizations in the defense, healthcare, and information and communications technology (ICT) sectors. The campaign appears to have begun in September 2020 and ran at least until May 2021. The toolset used by the ...
- Twitter Suspends Accounts Used to Snare Security Researchers
October 18, 2021
Twitter has shuttered two accounts – @lagal1990 and @shiftrows13 – specifically used to trick security researchers into downloading malware in a long-running cyber-espionage campaign attributed to North Korea. The campaign was first discovered by the Google Threat Analysis Group (TAG) in January and is ongoing. On Friday, Google TAG analyst Adam Weidermann confirmed that Twitter suspended the ...
- MysterySnail attacks IT companies, defence contractors and diplomatic entities with Windows zero-day
October 12, 2021
In late August and early September 2021, Kaspersky technologies detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. The exploit had numerous debug strings from an older, publicly known exploit for vulnerability CVE-2016-3309, but closer analysis revealed that it was a zero-day. We discovered that it was using ...