

The legitimate-looking apps request excessive on-device permissions – a common red flag. “Once the permissions are granted, the attackers can take control and hide the app from the user’s menu, staying behind the scenes to continue to track and steal with little to no interruption,” Zimperium’s Richard Melick told TechCrunch. PhoneSpy is not known to be listed in Google Play, nor were samples found in any Android storefront. Rather, Zimperium says that attackers are using distribution methods based on web traffic redirection or social engineering, an attack method whereby users are manipulated into performing certain actions or handing over confidential data. “PhoneSpy is distributed through malicious and fake apps that are downloaded and sideloaded onto the victim’s devices,” Melick said. “There is evidence pointing to distribution through web traffic redirection or social engineering, like phishing, tricking the end-user into downloading what they think is a legitimate app from a compromised website or direct link.” PhoneSpy, which has so far claimed more than 1,000 victims in South Korea, according to Zimperium, shares many similarities with other known and previously used spyware and stalkerware apps. “This leads us to believe that someone compiled the features and capabilities they wanted into a new spyware setup,” Melick added. Using off-the-shelf code also produces fewer fingerprints, making it easier for attackers to obscure their identity.

and South Korean authorities of this hyper-targeted spyware campaign and has reported the host of the command and control server multiple times. However, at the time of writing, the PhoneSpy spyware campaign is still active.

ESET researchers have discovered the first known spyware that is built on the foundations of AhMyth open-source malware and has circumvented Google’s app-vetting process. ESET analysis breaks down the first known spyware that is built on the AhMyth open-source espionage tool and has appeared on Google Play – twice. Last month, TechCrunch revealed a significant stalkerware campaign that’s putting the private phone data of hundreds of thousands of people at risk. The malicious app, called Radio Balouch aka RB Music, is actually a fully working streaming radio app for Balouchi music enthusiasts, except that it comes with a major sting in its tail – stealing personal data of its users.
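The "excessive on-device permissions" red flag mentioned above can be turned into a simple triage check: compare what an app's manifest requests against what its stated purpose plausibly needs. The following is an added example written for this page, not code from ESET, Zimperium or TechCrunch; the two manifests, the sensitive-permission list and the per-category allowlist are all constructed assumptions, and a "streaming radio" app like the one described is the motivating case.

```python
"""Flag Android apps whose requested permissions are out of proportion to
their stated purpose (the 'excessive permissions' red flag).

Added example; the manifests and allowlists below are constructed for
illustration and are not taken from any real app.
"""
import xml.etree.ElementTree as ET

# Attributes in AndroidManifest.xml live in the android: namespace.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Permissions that expose private data or surveillance capabilities.
SENSITIVE = {
    "android.permission.READ_SMS": "read SMS",
    "android.permission.RECEIVE_SMS": "intercept incoming SMS",
    "android.permission.READ_CALL_LOG": "read call history",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.RECORD_AUDIO": "record microphone",
    "android.permission.CAMERA": "use camera",
    "android.permission.ACCESS_FINE_LOCATION": "track precise location",
    "android.permission.RECEIVE_BOOT_COMPLETED": "start silently at boot",
    "android.permission.SYSTEM_ALERT_WINDOW": "draw over other apps",
}

# Assumed allowlist: sensitive permissions each app category plausibly needs.
# A music streaming app has no plausible need for any of the above.
EXPECTED = {
    "music_streaming": set(),
    "messaging": {
        "android.permission.READ_SMS",
        "android.permission.RECEIVE_SMS",
        "android.permission.READ_CONTACTS",
    },
    "navigation": {"android.permission.ACCESS_FINE_LOCATION"},
}


def requested_permissions(manifest_xml):
    """Return every permission name declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission")]


def unexpected_permissions(manifest_xml, category):
    """Sensitive permissions the app requests but its category does not justify."""
    allowed = EXPECTED.get(category, set())
    return sorted(
        p for p in requested_permissions(manifest_xml)
        if p in SENSITIVE and p not in allowed
    )


def risk_verdict(manifest_xml, category):
    """Coarse triage score based on how many unjustified permissions are requested."""
    count = len(unexpected_permissions(manifest_xml, category))
    if count == 0:
        return "low"
    if count <= 2:
        return "medium"
    return "high"


# Constructed manifest for a supposed radio app that also wants SMS, call
# log, contacts, microphone, location and boot persistence.
SUSPICIOUS_RADIO_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.radioplayer">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>
"""

# Constructed manifest for a radio app that requests only what streaming needs.
BENIGN_RADIO_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.radioplayer">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
</manifest>
"""

if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_RADIO_MANIFEST),
                            ("benign", BENIGN_RADIO_MANIFEST)):
        excess = unexpected_permissions(manifest, "music_streaming")
        print(f"{label}: risk={risk_verdict(manifest, 'music_streaming')}")
        for perm in excess:
            print(f"  unjustified: {perm} ({SENSITIVE[perm]})")
```

The check is deliberately static: it reads only the manifest, so it catches over-privileged requests before installation but says nothing about runtime behaviour such as an app disabling its own launcher icon after the permissions are granted, which is the "hide the app from the user's menu" step described in the article and needs on-device monitoring to observe.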
