Facebook Disrupts Chinese Spies Using iPhone, Android Malware (March 2021)
Facebook's threat intelligence team says it has disrupted a sophisticated Chinese spying team that routinely uses iPhone and Android malware to hit journalists, dissidents and activists around the world.
The hacking group, known to malware hunters as Evil Eye, has used Facebook to plant links to watering hole websites rigged with exploits for the two major mobile platforms.
Facebook published details on the group's TTPs, including its precise, selective targeting of victims.
"This group took steps to conceal their activity and protect malicious tools by only infecting people with iOS malware when they passed certain technical checks, including IP address, operating system, browser and country and language settings," he explained.
The group has also used fake third-party app stores and has been observed outsourcing Android malware development to two Chinese companies.
Facebook has published hashes and domains associated with this threat actor.