Cybersecurity researchers have uncovered a new spyware campaign that hides in plain sight on victims’ Android devices under the garb of legitimate lifestyle apps.
The campaign, dubbed PhoneSpy, was discovered by researchers at mobile security firm Zimperium, who found the spyware inside 23 Android apps.
Once installed, the researchers observed that the spyware will stealthily exfiltrate data from the victim’s device, including login credentials, messages, precise granular location and images.
“The PhoneSpy Android spyware campaign puts enterprises at as much, if not more, risk than consumers. The rise of bring your own device (BYOD) policies has blurred the line between work and personal data and any compromise to the security of an enterprise-connected device puts all corporate data at risk,” reasons Zimperium.
Attacking the mobile workforce
In their breakdown of the spyware, the researchers note that they found PhoneSpy was capable of uninstalling any user-installed applications, including mobile security apps.
They also surmise that the trojan apps are most likely distributed through web traffic redirection or social engineering, since they couldn’t find any trace of the spyware-infested apps on the Google Play Store or on any third-party or regional Android stores.
Interestingly, PhoneSpy is currently only targeting South Korean residents, and has already claimed more than a thousand victims. However, the researchers argue that with mobile devices playing critical roles in distributed and remote work, spyware campaigns such as PhoneSpy are a global concern.
Zimperium has shared its findings with the US and South Korean authorities. However, despite multiple reports to the web hosting company that powers the command and control (C2) server used by the campaign, the malicious server is still online.