LianSpy: new Android spyware targeting Russian users

Aug. 6, 2024, 10:05 a.m.

Description

Kaspersky discovered an Android spyware campaign called LianSpy that targets Russian users. The malware can capture screencasts, exfiltrate files, and harvest call logs and app lists. It employs evasive tactics like using the Russian cloud service Yandex Disk for command and control communication, avoiding dedicated infrastructure, and utilizing robust encryption. Some features suggest LianSpy is likely deployed through an unknown vulnerability or physical device access.

Date

Published: Aug. 6, 2024, 10:03 a.m.

Created: Aug. 6, 2024, 10:03 a.m.

Modified: Aug. 6, 2024, 10:05 a.m.

Attack Patterns

LianSpy

T1519

T1534

T1064

T1557

T1489

T1518

T1498

T1027

T1553

Additional Informations

Russian Federation