Security News > 2020 > June > Android ‘ActionSpy’ Malware Targets Turkic Minority Group
Researchers have discovered a new Android spyware, dubbed ActionSpy, targeting victims across Tibet, Turkey and Taiwan.
"ActionSpy, which may have been around since 2017, is an Android spyware that allows the attacker to collect information from the compromised devices," said researchers with Trend Micro in a Thursday analysis.
Researchers discovered ActionSpy being spread via several pages in April 2020.
In late April 2020, researchers discovered another type of website that appeared to be copied from a third-party web store and purported to invite users to download an Uyghur video app that is popular with Tibetan Android users, called Ekran.
Once downloaded, ActionSpy will connect to its Command and Control server, which is encrypted by DES. Researchers said the decryption key is generated in native code - making static analysis of ActionSpy difficult.
News URL
https://threatpost.com/android-actionspy-malware-targets-turkic-minority-group/156507/
Related news
- TrickMo malware steals Android PINs using fake lock screen (source)
- Russia targets Ukrainian conscripts with Windows, Android malware (source)
- Android malware "FakeCall" now reroutes bank calls to attackers (source)
- New FakeCall Malware Variant Hijacks Android Devices for Fraudulent Banking Calls (source)
- New Android Banking Malware 'ToxicPanda' Targets Users with Fraudulent Money Transfers (source)
- Cyber crooks push Android malware via letter (source)