Forwarded from Pegasus NSO & other spyware
LianSpy: Android spyware leveraging Yandex Disk as C2 | Securelist
@androidMalware
#Russia #Android #LianSpy #Spyware
In March 2024, we discovered a campaign targeting individuals in Russia with previously unseen Android spyware we dubbed LianSpy. Our analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs and app lists.
The malicious actor behind LianSpy employs multiple evasive tactics, such as leveraging a Russian cloud service, Yandex Disk, for C2 communications. They also avoid having dedicated infrastructure, and employ a lot of other features to keep the spyware undiscovered. Some of these features suggest that LianSpy is most likely deployed through either an unknown vulnerability or direct physical access to the target phone.