Security News > 2020 > April > Sophisticated Android Spyware Attack Spreads via Google Play
Dubbed PhantomLance by Kaspersky, the campaign is centered around a complex spyware that's distributed via dozens of apps within the Google Play official market, as well as other outlets like the third-party marketplace known as APKpure.
Kaspersky's report follows previous research from BlackBerry, which connected OceanLotus to a trio of fake apps for Android last year.
The apps were distributed through phishing, but also to a wider set of targets via third-party app stores as well as the official Google Play Store.
BlackBerry researchers also dug into how the apps made it into the Google Play Store itself - "Finding that OceanLotus went to the trouble establishing an entire fake backstory to give its malicious apps an air of legitimacy," a spokesperson told Threatpost.
Kaspersky reported all discovered PhantomLance samples to the owners of legitimate app stores in which they were found, and Google Play has removed the known apps, but the campaign is ongoing, according to the firm.
News URL
https://threatpost.com/sophisticated-android-spyware-google-play/155202/
Related news
- Google fixes Android kernel zero-day exploited in attacks (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Google takes action after coder reports 'most sophisticated attack I've ever seen' (source)
- Google blocked 2.36 million risky Android apps from Play Store in 2024 (source)
- Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (source)
- Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists (source)
- Google says hackers abuse Gemini AI to empower their attacks (source)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)