Security News > 2021 > March > Facebook Disrupts Chinese Spies Using iPhone, Android Malware

Facebook's threat intelligence team says it has disrupted a sophisticated Chinese spying team that routinely uses iPhone and Android malware to hit journalists, dissidents and activists around the world.
The hacking group, known to malware hunters as Evil Eye, has used Facebook to plant links to watering hole websites rigged with exploits for the two major mobile platforms.
Facebook published details on the group's TTPs, including its precise, selective targeting of victims.
"This group took steps to conceal their activity and protect malicious tools by only infecting people with iOS malware when they passed certain technical checks, including IP address, operating system, browser and country and language settings," he explained.
The group has also used fake third-party app stores and has been observed outsourcing Android malware development to two Chinese companies.
Facebook has published hashes and domains associated with this threat actor.