Tags, , , , ,
Super secure VPN
Minimal data logging
Favorable privacy policy

Zimperium zLabs researchers have revealed findings on PhoneSpy spyware that can infiltrate Android handsets and is spread through malicious applications. For now, the good news is that the malicious apps are not available on Google Play Store.
“Samples of PhoneSpy were not found in any Android app store, indicating that attackers are using distribution methods based on web traffic redirection or social engineering,” researchers noted.
SEE: Dark web hackers selling 400,000 South Korean & US payment card data
The malware is developed with advanced obfuscation and concealment capabilities. Once it is downloaded on a device, it can hide its icon and remain undetected, uninstall mobile security software, and gather extensive personal and corporate data from the victim, including private photos and communications.
On Wednesday, zLabs published its report on the nefarious activities of PhoneSpy spyware operators. Reportedly, the researchers have identified 23 malicious applications hiding the spyware and distributed through third-party platforms. The infected apps include photo collection apps, TV/Video streaming software, browsing utilities, and yoga instruction software.

The campaign is mainly targeting Android users in South Korea. According to zLabs researchers, the campaign’s initial infection vector is nothing unique as, like every other campaign, it also uses phishing links to trap unsuspecting users. The links are posted on social media channels or splashed over websites claiming to be sent by a famous Korean service, the Kakao Talk messaging app.
When the victim installs and runs the APK file of the downloaded app, instead of running the app’s software, it will deploy PhoneSpy.
“After installation and launch, the app displays a login page and attempts to steal the credentials for “Kakao,” which can be used to login into other services in South Korea with the Single-Sign-On feature,” the report read.
It then asks for selected permissions, after which it becomes easier for the malicious software to steal data from the device, such as user credentials.
Researchers described PhoneSpy as an ‘advanced’ RAT (Remote Access Trojan). They can perform various functions, from surveillance of victims’ activities and exfiltrating device information to transmitting data to the C2 server.
Furthermore, the malware can monitor the victim’s location through GPS, hijack mobile microphones and cameras (both front and rear) to record audio conversations, videos, and images, intercept and steal SMS, call log, contact list, and contact forwarding, and even send messages on behalf of the attacker.

The full list of PhoneSpy’s capabilities include:
SEE: N Korean hackers used VPN flaws to breach S Korean atomic agency
“Even though thousands of South Korean victims have fallen prey to the spyware campaign, it is unclear whether they have any connections with each other. But with the ability to download contact lists and send SMS messages on behalf of the victim, there is a high chance that the malicious actors are targeting connections of current victims with phishing links.”
This is an ongoing campaign, and zLabs has notified authorities in South Korea and USA.

Did you enjoy reading this article? Like our page on Facebook and follow us on Twitter.





Newsletter
Get the best stories straight into your inbox!




Don’t worry, we don’t spam
 App Store Google News
HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
Hackread.com is among the registered trademarks of Gray Dot Media Group Ltd. Company registration number 12903776 in regulation with the United Kingdom Companies House. The registered address is 85 Great Portland Street, London, England, W1W 7LT
The display of third-party trademarks and trade names on the site do not necessarily indicate any affiliation or endorsement of Hackread.com. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.

source