Security News > 2021 > November > Researchers Discover PhoneSpy Malware Spying on South Korean Citizens

Researchers Discover PhoneSpy Malware Spying on South Korean Citizens
2021-11-10 06:04

An ongoing mobile spyware campaign has been uncovered snooping on South Korean residents using a family of 23 malicious Android apps to siphon sensitive information and gain remote control of the devices.

"With more than a thousand South Korean victims, the malicious group behind this invasive campaign has had access to all the data, communications, and services on their devices," Zimperium researcher Aazim Yaswant said.

The rogue apps have been found to masquerade as seemingly innocuous lifestyle utilities with purposes ranging from learning Yoga and browsing photos to watching TV and videos, with the malware artifacts not relying on Google Play Store or other third-party unofficial app marketplaces, implying a social engineering or web traffic redirection method to trick users into downloading the apps.

Post installation, the application requests for a wide range of permissions before opening a phishing site that's designed to resemble the login pages of popular apps such as Facebook, Instagram, Google, and Kakao Talk.

"Many of the applications are facades of a real app with none of the advertised user-based functionality," Yaswant explained.

"In a few other cases, like simpler apps that advertise as photo viewers, the app will work as advertised all while the PhoneSpy spyware is working in the background."


News URL

https://thehackernews.com/2021/11/researchers-discover-phonespy-malware.html