Lookout Uncovers Advanced Android Surveillanceware Linked To China’s APT41

Yesterday, Lookout, Inc., announced the discovery of sophisticated Android surveillanceware known as WyrmSpy and DragonEgg, which has been linked to the Chinese espionage group APT41 (AKA Double Dragon, BARIUM and Winnti). Despite being indicted on multiple charges by the U.S. government for its attacks on more than 100 private and public enterprises in the U.S. and around the world, APT41’s tactics have evolved to include mobile devices.


APT41, also known as Double Dragon, BARIUM and Winnti, is a state-sponsored espionage group that has been active since 2012. In August 2019 and August 2020, five of its hackers were charged by a federal grand jury in Washington, D.C. for a computer intrusion campaign that impacted dozens of companies in the United States and abroad, including software development companies, computer hardware manufacturers, telecommunications providers, social media companies, video game companies, non-profit organizations, universities, think tanks, foreign governments and pro-democracy politicians and activists in Hong Kong.


APT41 is known for exploiting web-facing applications and compromising traditional endpoint devices; that an established threat actor of this kind has now added mobile malware to its arsenal shows that mobile endpoints are high-value targets holding coveted corporate and personal data.


Threat discovery highlights:

Both WyrmSpy and DragonEgg have sophisticated data collection and exfiltration capabilities, and Lookout researchers believe they are distributed to victims through social engineering campaigns.
Both use modules to hide their malicious intentions and avoid detection.
WyrmSpy, which is capable of collecting a wide range of data from infected devices including log files, photos, device location, SMS me ..
