Security News > 2020 > June > Android ‘ActionSpy’ Malware Targets Turkic Minority Group
Researchers have discovered a new Android spyware, dubbed ActionSpy, targeting victims across Tibet, Turkey and Taiwan.
"ActionSpy, which may have been around since 2017, is an Android spyware that allows the attacker to collect information from the compromised devices," said researchers with Trend Micro in a Thursday analysis.
Researchers discovered ActionSpy being spread via several pages in April 2020.
In late April 2020, researchers discovered another type of website that appeared to be copied from a third-party web store and purported to invite users to download an Uyghur video app that is popular with Tibetan Android users, called Ekran.
Once downloaded, ActionSpy will connect to its Command and Control server, which is encrypted by DES. Researchers said the decryption key is generated in native code - making static analysis of ActionSpy difficult.
News URL
https://threatpost.com/android-actionspy-malware-targets-turkic-minority-group/156507/
Related news
- New FireScam Android malware poses as RuStore app to steal data (source)
- New FireScam Android data-theft malware poses as Telegram Premium app (source)
- FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices (source)
- DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection (source)
- Crypto-stealing iOS, Android malware found on App Store, Google Play (source)
- SpyLend Android malware downloaded 100,000 times from Google Play (source)
- Vo1d malware botnet grows to 1.6 million Android TVs worldwide (source)