APT41 hackers target Android users with WyrmSpy, DragonEgg spyware
The Chinese state-backed APT41 hacking group is targeting Android devices with two newly discovered spyware strains dubbed WyrmSpy and DragonEgg by Lookout security researchers.
While APT41 hackers usually breach their targets' networks via vulnerable web apps and Internet-exposed endpoints, Lookout says the group also targets Android devices with WyrmSpy and DragonEgg spyware strains.
Lookout first identified WyrmSpy in 2017 and DragonEgg in early 2021, with the most recent example dating back to April 2023.
Both Android malware strains come with extensive data collection and exfiltration capabilities activated on compromised Android devices after deploying secondary payloads.
While WyrmSpy disguises itself as a default operating system app, DragonEgg is camouflaged as third-party keyboard or messaging apps, using these guises to evade detection.
APT41's interest in Android devices "shows that mobile endpoints are high-value targets with coveted data."