South Korean Users Targeted with Android Spyware ‘PhoneSpy’

  Rassegna Stampa, Security

More than 1,000 mobile phone users in South Korea have been targeted with a powerful piece of Android spyware as part of an ongoing campaign, according to a new report from Zimperium zLabs.

Dubbed PhoneSpy, the malware was designed with extensive spyware capabilities inside, such including data theft, audio and video capture, and location monitoring.

The malware was not found in any Android application stores, a suggestion that the attackers are employing different distribution methods, such as social engineering and web redirects. A total of 23 applications used in this campaign were identified to date, according to a report from Zimperium.

The threat masquerades as various lifestyle applications that allow users to watch TV or videos, or browse photos, but in reality it steals as much data from the infected devices as possible, including calls, messages, photos, and other types of data.

[ READ: Sophisticated APT Group Burned 11 Zero-Days in Mass Spying Operation ]

It also allows an attacker to remotely control the compromised devices, providing them with access to the camera and microphone to take pictures and record audio and video, as well as to the GPS, to get the device’s precise location.

In addition to grabbing calls, contact information, and messages from the infected devices, PhoneSpy can send SMS messages with attacker-controlled content. It can also display a fake login page for the Kakao Talk messaging app to steal users’ credentials.

“While the victims have been limited to South Korea, PhoneSpy is an example of how malicious applications can disguise their true intent. When installed on victims’ devices, they leave personal and corporate data at risk,” Zimperium said.

Related: Amnesty Links Indian Cybersecurity Firm to Spyware Attack on African Activist

Related: Google: Sophisticated APT Group Burned 11 Zero-Days in Mass Spying Operation

Related: Apple Points to Android Malware Infections in Argument Against Sideloading on iOS

view counter

Ionut Arghire is an international correspondent for SecurityWeek.

Previous Columns by Ionut Arghire: