Security researchers have uncovered a new spyware campaign that’s targeting South Korean residents with Android devices in order to steal confidential data.
Unlike other spyware campaigns that typically take advantage of on-device vulnerabilities, this campaign, known as PhoneSpy, hides in plain sight on victims’ devices, masquerading as legitimate Android lifestyle apps from TV streaming to yoga instruction. In reality, however, the spyware is stealthily exfoliating data from the victim’s device, including login credentials, messages, precise granular location and images. PhoneSpy is also capable of uninstalling any apps, including mobile security apps.
Researchers at mobile security firm Zimperium, which discovered PhoneSpy inside 23 apps, say the spyware can also access a victims’ camera to take pictures and record video in real-time, and warned that this could be used for personal and corporate blackmail and espionage. It does this without a victim knowing, and Zimperium notes that unless someone is watching their web traffic, it would be difficult to detect.
The legitimate-looking apps request excessive on-device permissions — a common red flag …
