Spyware disguised as COVID-19 tracker app actually keeps track of users

Another malicious actor has weaponized an otherwise legitimate, interactive coronavirus tracking map created by Johns Hopkins University — this time to deliver Android spyware as part of a campaign that originates out of Libya and seemingly targets individuals within that country.


The surveillanceware, known as SpyMax, comes packaged in a trojanized application named “corona live 1.1,” according to a blog post today from researchers at Lookout who discovered the scheme. It can access sensitive Android phone data and SMS messages, modify settings, provide a shell terminal, record audio, operate the camera and more.


It can do all this because it first asks victims who downloaded the so-called virus tracker for a myriad of permissions. SpyMax is said to be in the same family as another piece of inexpensive, commercially available surveillanceware called SpyNote, which carries similar functionality. Both programs contain a hard-coded address for C2 server communication.


Earlier this month, cybersecurity researchers reported that the Johns Hopkins COVID-19 tracker was copied, weaponized and placed in malicious domain ..
