LianSpy: new Android spyware targeting Russian users

Aug. 6, 2024, 10:05 a.m.

Description

Kaspersky discovered an Android spyware campaign called LianSpy that targets Russian users. The malware can capture screencasts, exfiltrate files, and harvest call logs and app lists. It employs evasive tactics like using the Russian cloud service Yandex Disk for command and control communication, avoiding dedicated infrastructure, and utilizing robust encryption. Some features suggest LianSpy is likely deployed through an unknown vulnerability or physical device access.

External References

https://securelist.com/lianspy-android-spyware/113253
https://otx.alienvault.com/pulse/66b1f4d90bc044f226fcc669
Tags
android
spyware
2024-08-06
yandex
russian
lianspy

Date

  • Created: Aug. 6, 2024, 10:03 a.m.
  • Published: Aug. 6, 2024, 10:03 a.m.
  • Modified: Aug. 6, 2024, 10:05 a.m.

Attack Patterns

  • LianSpy
  • T1519
  • T1534
  • T1064
  • T1557
  • T1489
  • T1518
  • T1498
  • T1027
  • T1553

Additional Informations

  • Russian Federation