• Home
  • Apps
  • Apps News
  • Sophisticated Android Spyware Attack Found Targeting Users in India: Kaspersky

Sophisticated Android Spyware Attack Found Targeting Users in India: Kaspersky

This “PhantomLance” campaign included multiple versions of a complex spyware to target users in India, Vietnam, Bangladesh, and Indonesia.

Share on Facebook Tweet Snapchat Share Reddit Comment
Sophisticated Android Spyware Attack Found Targeting Users in India: Kaspersky

Spy apps were distributed on various platforms like Google Play and APKpure

Highlights
  • PhantomLance campaign may have been started by OceanLotus
  • The main aim of this campaign was to gather data
  • Kaspersky observed 300 infection attempts since 2016

Research firm Kaspersky has discovered a new spy campaign that has been stealing data off of hundreds of users for the last five years. Dubbed as PhantomLance, this campaign has been active since 2015, and may have been started by hacker group OceanLotus. This campaign includes multiple versions of a complex spyware to target users in India, Vietnam, Bangladesh, and Indonesia. The main purpose of this spyware was to gather information, and Kaspersky observed 300 infection attempts since 2016. The campaign includes a set of malicious apps that were not interested in mass installation, and their main aim was to spy on select users. This hints at how hackers are resorting to more sophisticated ways to become harder to find.

All the malicious spyware samples found by Kaspersky was reported to Google, and the tech giant has already delisted these apps from the Play Store. These apps posed to provide basic functionalities, but gathered information like list of installed applications, device information such as the model and OS version from the targeted device. ‘Furthermore, the malicious app was able to download and execute various malicious payloads, and thus adapt the payload that would be suitable to the specific device environment, such as the Android version and installed apps. This way, the actor was able to avoid overloading the application with unnecessary features and at the same time gather the desired information', Kaspersky notes.

PhantomLance was distributed on various platforms like Google Play and APKpure to make it seem more legitimate. The hacker group even created a fake developer account on GitHub for extra credibility. These apps managed to evade filtering mechanisms employed by Google and other app stores, by uploading first versions of the application without any malicious payloads. The apps received malicious payloads and a code to drop and execute these payloads via later updates. In Kaspersky's findings, Vietnam stood out as one of the top countries by number of attempted attacks. Some malicious apps used in the campaign were also made exclusively in Vietnamese.

Based on similarities in malicious code in past Android campaigns, Kaspersky researchers claim that the PhantomLance campaign was started by OceanLotus. While the apps have been taken down by Google from the Play Store, there is no guarantee that such apps would not crop up in the future. The research firm recommends investing in a viable security solution that protects the device from a wide range of threats. It is also recommended to install apps from Google Play Store with a lot of caution and evaluation. Check for reviews and ensure that apps from popular and credible developers are only downloaded on the phone.


Will OnePlus 8 series be able to take on iPhone SE (2020), Samsung Galaxy S20 in India? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Tasneem Akolawala Tasneem Akolawala is a Senior Reporter for Gadgets 360. Her reporting expertise encompasses smartphones, wearables, apps, social media, and the overall tech industry. She reports out of Mumbai, and also writes about the ups and downs in the Indian telecom sector. Tasneem can be reached on Twitter at @MuteRiot, and leads, tips, and releases can be sent to tasneema@ndtv.com. More
Flipkart Ties Up With Meru to Deliver Daily Essentials, Groceries During Lockdown
Huawei P Smart 2020 Price, Key Specifications, Renders Leaked

Related Stories

 
 

Advertisement

Advertisement

© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com