Espionage Campaign – Kaspersky researchers have detected a sophisticated malicious campaign targeting users of Android devices that can be attributed, with a medium level of security, to the group specializing in advanced persistent threats (APT) called OceanLotus.
Entitled PhantomLance, it has been active since at least 2015, features several versions of spyware – a program designed to collect data from victims – and smart distribution tactics, which includes its presence in dozens of apps on the official Google Play store.
Also Read : Things You Should Do If Your WhatsApp Account Gets Hacked
In July 2019, security market researchers released a new spyware sample found in the Android app store.
This report caught Kaspersky’s attention for its unexpected characteristics; with sophistication and behavior very different from trojans that are normally used in app attacks in official app stores.
In general, when cybercriminals manage to place a malicious app in an official store, they invest considerably to promote it with the aim of maximizing the potential of infected victims to the maximum.
However, this is not what happened with the newly discovered spy apps. Apparently, its operators were not interested in mass dissemination. For researchers, this is an indication of targeted APT activity.
Additional research has made it possible to discover several versions of this malware with dozens of samples associated with multiple similarities in the code.
Kaspersky reported all samples discovered to the owners of the official app stores and Google Play confirmed the removal of all apps from its store.
Also Read : Shortcut virus: How it works and How to remove it from the Computer
