New Android Spyware LianSpy Evades Detection Using Yandex Cloud
2024-08-06 09:36

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021.

Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control communications as a way to avoid having a dedicated infrastructure and evade detection.

LianSpy, once activated, determines if it's running as a system app to operate in the background using administrator privileges, or else requests a wide range of permissions that allow it to access contacts, call logs, and notifications, and draw overlays atop the screen.

Where LianSpy showcases its stealth is in its ability to bypass the privacy indicators feature introduced by Google in Android 12, which requires apps requesting microphone and camera permissions to display a status bar icon.

"LianSpy developers have managed to bypass this protection by appending a cast value to the Android secure setting parameter icon blacklist, which prevents notification icons from appearing in the status bar," Kalinin pointed out.
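
A defender-side check for the setting named in the quote above, as an added example that is not from Kaspersky or the original article. It assumes the key is spelled `icon_blacklist`, that its value is a comma-separated list of status bar slot names, and that it is read over `adb`; the function names are hypothetical and the sample values are constructed.

```shell
#!/bin/sh
# Added example (not from the article): check whether the Android secure
# setting icon_blacklist contains the "cast" entry described above.
# Assumption: the value is a comma-separated list of status bar slot names.

# has_slot VALUE SLOT: succeed only if SLOT is an exact entry in VALUE.
has_slot() {
    value=$1
    slot=$2
    # `settings get` prints "null" when the key has never been set.
    case $value in ''|null) return 1 ;; esac
    old_ifs=$IFS
    IFS=,
    set -f                      # no globbing while splitting on commas
    found=1
    for entry in $value; do
        entry=$(printf '%s' "$entry" | tr -d '[:space:]')
        # Exact match only, so "broadcast" does not count as "cast".
        if [ "$entry" = "$slot" ]; then found=0; fi
    done
    set +f
    IFS=$old_ifs
    return $found
}

# audit_icon_blacklist VALUE: return 1 (needs review) if "cast" is hidden.
audit_icon_blacklist() {
    if has_slot "$1" cast; then
        echo "REVIEW: icon_blacklist hides 'cast' (value: $1)"
        return 1
    fi
    echo "ok: 'cast' not in icon_blacklist (value: ${1:-<empty>})"
    return 0
}

if [ "${1:-}" = "--device" ]; then
    # Live check against a connected device; adb output may carry a CR.
    audit_icon_blacklist "$(adb shell settings get secure icon_blacklist | tr -d '\r')"
else
    # Constructed sample values, so the script also runs offline.
    for sample in "null" "rotate,headset" "rotate, cast" "broadcast"; do
        audit_icon_blacklist "$sample" || true
    done
fi
```

A hit is a lead rather than proof of infection, since the same setting can be changed by other means; correlate it with the installed-app and permission review.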

LianSpy is the latest addition to a growing list of spyware tools, which are often delivered to target mobile devices - be it Android or iOS - by leveraging zero-day flaws.


News URL

https://thehackernews.com/2024/08/new-android-spyware-lianspy-evades.html

Related vendor

VENDOR    #/PRODUCTS   LAST 12M: LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Yandex    7            0               25       13     1          39
Android   4            0               17       2      0          19