LianSpy: the ultimate tool for cyber espionage of the elite in Russia

Carding Forum

Malware has been spying on Android users since 2021.

Kaspersky Lab specialists have discovered a Trojan for cyber espionage aimed at owners of Android devices in Russia. The malware, dubbed LianSpy, may have been active since mid-2021. It was difficult to detect because the attackers actively hide their tracks. According to experts, the espionage was targeted.

According to representatives of Kaspersky Lab, cyber espionage using LianSpy could have begun in mid-2021. Since its detection this spring, experts have found more than ten targets. The identities of the victims remain unknown, as experts work with anonymized data based on the activation of the company's services.

The LianSpy Trojan disguises itself as system applications and financial services, but its purpose is not related to the theft of financial information. The malware collects and transmits contact information, call logs, and lists of installed apps from infected devices. The Trojan is able to record the smartphone screen when opening certain applications, mainly instant messengers. In addition, LianSpy can bypass Android notifications that indicate that the phone is currently using a camera or microphone by disabling the icon that appears during screen recording.

Experts believe that Google is unlikely to participate in this espionage activity, since the company has other, more effective methods of surveillance. Ordinary software developers are also unlikely to do this, since built-in malicious functionality is most often associated with advertising software or with collecting information about the user, but not about the user's correspondence.

Devices could have been infected remotely, through the exploitation of several unknown vulnerabilities, or through physical access to the phone. However, which of these two attack vectors was used remains unknown, as specialists had only the malware itself for analysis.

LianSpy does not require any actions from the user to activate it. When running, the malware "hides" its icon and runs in the background, so the user is not aware of the problem. At the same time, the activated Trojan gets full control over the device. The LianSpy Trojan uses unusual techniques for mobile spyware: attackers use only public services to transmit information from infected devices, which makes it difficult to attribute the attacking group.

According to experts, in this case, attackers may be interested in obtaining confidential data, sensitive correspondence, personal contacts and other information.

Infected devices can be used to create a botnet that is used for hacker and information attacks, distributing malware, or gaining access to personal accounts, experts explain. If the malware collects contacts and copies messenger screens, then attackers may be interested in the victim's social circle and the topics of their conversations. Thus, it is possible to attack the assistants of high-ranking officials and managers.

It is noted that the attack is aimed at a narrow circle of people on whose smartphones, most likely, there are no monitoring tools. At the same time, the malware itself does not steal money and has no obvious manifestations, which makes it difficult to detect. The number of victims can be significant, given that the Trojan disguises itself as popular system and banking applications.
