Security News > 2021 > November > New Android Spyware Poses Pegasus-Like Threat

New Android Spyware Poses Pegasus-Like Threat
2021-11-10 14:00

Researchers discovered new Android spyware that provides similar capabilities to NSO Group's Pegasus controversial software.

PhoneSpy disguises itself as a legitimate application and gives attackers complete access to data stored on a mobile device and grants full control over the targeted device, according to a Zimperium zLabs report published Wednesday.

Another reason for concern over PhoneSpy's appearance is it is written with off-the-shelf code, showing that spyware on par with Pegasus is not just limited to organized and sophisticated companies such as NSO. It also means it's easier for the cybercriminals behind the spyware to cover their tracks, as the spyware doesn't carry specific fingerprints of a certain organization, Yaswant wrote.

Since it hasn't been sighted on Google's official app store or other third-party Android app stores, Yaswant surmised PhoneSpy is being distributed via social engineering tactics as opposed to delivery via a zero-day vulnerability.

In the background, the spyware acts like a Remote Access Trojan, abusing permissions to exfiltrate data to a command-and-control server and leaving the device open to access for the threat actors, researchers found.

In addition to stealing data, other capabilities of PhoneSpy include recording or live-streaming video or audio; viewing SMS messages; sending SMS messages as the device's owner; editing contact info in the device's address book; enabling call forwarding; and viewing the GPS location of the device.


News URL

https://threatpost.com/new-android-spyware-poses-pegasus-like-threat/176155/