A new spate of iOS and Android mobile malware attacks capable of taking control of devices, and tracking GPS location, phone call history, contacts, and text messages has been unleashed on targets in Hong Kong in the last several months, according to multiple cybersecurity companies.
The attackers, which Kaspersky suspects are Chinese-speaking, lure their victims by posting links to local news sites in general discussion sections of forums that are popular among Hong Kong residents. But when victims click through to see the news, attackers deploy a hidden iFrame that runs an iOS malware variant, a modular backdoor.
Trend Micro researchers have also found this malware, dubbing it “LightSpy.” Some of the lures include content on protests in Hong Kong. They also touch on information about the novel coronavirus and sex.
The Android portion of the campaign is being distributed through Instagram posts and Telegram channels, with lures encouraging victims to download an app dedicated to the Hong Kong Democracy and Freedom Movement, according to Kaspersky research. The Android exploit, which TrendMicro dubs “dmsSpy,” transmits sensitive information on texting, calling, and geolocation back to an attacker-controlled command and control server.
In addition to geolocation, phone call history, and text message monitoring, LightSpy is capable of exfiltrating data from machines connected to the same Wi-Fi network. Spyware deployed against victims is also capable of ..
Support the originator by clicking the read the rest link below.
