A long-running malware campaign whose activity dates back to 2016 has been using a sophisticated playbook of tricks to sneak trojanized Android apps into the Google Play Store as well as third-party marketplaces.
Researchers from Kaspersky have dubbed the campaign PhantomLance and, based on certain calling cards, have attributed it with medium confidence to the OceanLotus APT group, which experts typically associate with Vietnam-based cyber espionage actors.
In a company blog post, Kaspersky researchers Alexey Firsh and Lev Pikman report that the campaign’s main payload is a backdoor that anti-virus firm Dr. Web first observed in Google Play in July 2019.
Kaspersky says it has found dozens of samples of the backdoor in the wild. It comes in three major versions and has been found packaged within malicious mobile apps that targets users based primarily in Southeast Asia. PhantomLance has been observed attacking devices based in India, Vietnam, Bangladesh, Indonesia, Nepal, Myanmar and Malaysia, the report states.
T ..
Support the originator by clicking the read the rest link below.
