Facebook Disrupts Chinese Spies Using iPhone, Android Malware (Security News, March 2021)

Facebook's threat intelligence team says it has disrupted a sophisticated Chinese spying team that routinely uses iPhone and Android malware to hit journalists, dissidents and activists around the world.
The hacking group, known to malware hunters as Evil Eye, has used Facebook to plant links to watering hole websites rigged with exploits for the two major mobile platforms.
Facebook published details on the group's TTPs (tactics, techniques and procedures), including its precise, selective targeting of victims.
"This group took steps to conceal their activity and protect malicious tools by only infecting people with iOS malware when they passed certain technical checks, including IP address, operating system, browser and country and language settings," he explained.
The group has also used fake third-party app stores and has been observed outsourcing Android malware development to two Chinese companies.
Facebook has published hashes and domains associated with this threat actor.