Security News > 2020 > June > Android ‘ActionSpy’ Malware Targets Turkic Minority Group
Researchers have discovered a new Android spyware, dubbed ActionSpy, targeting victims across Tibet, Turkey and Taiwan.
"ActionSpy, which may have been around since 2017, is an Android spyware that allows the attacker to collect information from the compromised devices," said researchers with Trend Micro in a Thursday analysis.
Researchers discovered ActionSpy being spread via several pages in April 2020.
In late April 2020, researchers discovered another type of website that appeared to be copied from a third-party web store and purported to invite users to download an Uyghur video app that is popular with Tibetan Android users, called Ekran.
Once downloaded, ActionSpy will connect to its Command and Control server, which is encrypted by DES. Researchers said the decryption key is generated in native code - making static analysis of ActionSpy difficult.
News URL
https://threatpost.com/android-actionspy-malware-targets-turkic-minority-group/156507/
Related news
- Android malware uses NFC to steal money at ATMs (source)
- New NGate Android malware uses NFC chip to steal credit card data (source)
- Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC) (source)
- New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards (source)
- SpyAgent Android malware steals your crypto recovery phrases from images (source)
- New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys (source)
- Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide (source)
- New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram (source)
- New Vo1d malware infects 1.3 million Android TV streaming boxes (source)
- New Vo1d malware infects 1.3 million Android streaming boxes (source)