Amid numerous malicious attacks leveraging the current COVID-19 coronavirus crisis, security researchers have discovered an Android surveillance campaign targeting users in Libya.
Ranging from phishing attacks that deliver remote access Trojans or other types of malware to state-sponsored assaults, attacks featuring themes related to the COVID-19 pandemic are a common occurrence and target both desktop and mobile users.
People around the world are seeking accurate information about the virus and its impact, and cyber-criminals are taking advantage of the increase in communication around the topic to spread their malicious programs.
One of the COVID-19-themed attacks appears to be part of a larger mobile surveillance campaign operating out of Libya and targeting Libyan individuals, Lookout reveals.
As part of the attack, the adversary uses an Android application named “corona live 1.1,” which is a trojanized version of the “corona live” app that serves information from the Johns Hopkins coronavirus tracker, such as infection rates and number of deaths over time and per country.
Once launched, the app requests access to photos, media, files, device location, and also asks for permissions to take pictures and record videos. The app, Lookout has discovered, is a variant of the SpyMax commercial surveillanceware family, supposedly developed by SpyNote creators.
SpyMax includes all of the capabilities a standard spying tool has, and cyber-criminals praise it on underground forums for its graphical interface and ease of use.
Through this piece of surveillanceware, attackers can access a broad range of sensitive data on the v ..
Support the originator by clicking the read the rest link below.
