Facebook Disrupts Chinese Spies Using iPhone, Android Malware (Security News, March 2021)
Facebook's threat intelligence team says it has disrupted a sophisticated Chinese spying team that routinely uses iPhone and Android malware to hit journalists, dissidents and activists around the world.
The hacking group, known to malware hunters as Evil Eye, has used Facebook to plant links to watering hole websites rigged with exploits for the two major mobile platforms.
Facebook published details on the group's tactics, techniques and procedures (TTPs), including precise, selective targeting of victims.
"This group took steps to conceal their activity and protect malicious tools by only infecting people with iOS malware when they passed certain technical checks, including IP address, operating system, browser and country and language settings," he explained.
The group has also used fake third-party app stores and has been observed outsourcing Android malware development to two Chinese companies.
Facebook has published hashes and domains associated with this threat actor.