Tag: spyware

16 Attack Reports | 0 Vulnerabilities

Attack reports

North Korean APT37 Mobile Spyware Discovered

A new Android spyware called KoSpy has been attributed to the North Korean group APT37 (ScarCruft). The malware, active since March 2022, targets Korean and English-speaking users by masquerading as utility apps. KoSpy uses a two-stage C2 infrastructure, retrieving initial configurations from Fireb…
apt
surveillance
north korea
android
spyware
konni
apt37
2025-04-12
scarcruft
kospy
Published: April 12, 2025
Downloadable IOCs: 0

Virtue or Vice? A First Look at Paragon's Proliferating Spyware Operations

The report investigates Paragon Solutions, an Israeli spyware company founded in 2019 that sells a product called Graphite. Through infrastructure analysis, the researchers identified potential Paragon deployments in several countries. They also found evidence linking Paragon to the Canadian Ontari…
surveillance
graphite
spyware
cybersecurity
human rights
law enforcement
2025-03-19
canada
italy
zero-click exploit
Published: March 19, 2025
Downloadable IOCs: 22

Hackers Hijack JFK File Release: Malware & Phishing Surge

A potentially growing cyber threat campaign has been uncovered surrounding the release of declassified JFK, RFK, and MLK files. Attackers are exploiting public interest in these historical documents to launch malware campaigns, phishing schemes, and exploit attempts. Within days of the announcement…
malware
phishing
social engineering
ransomware
spyware
domain spoofing
2025-02-03
cyber threat
trojans
declassified files
historical documents
jfk files
Published: February 3, 2025
Downloadable IOCs: 4

ANDROID MALWARE IN DONOT APT OPERATIONS

The DONOT APT group, serving Indian national interests, has deployed Android malware named 'Tanzeem' for intelligence gathering against internal threats. The malware, disguised as a chat application, exploits OneSignal, a customer engagement platform, for malicious purposes. It requests dangerous p…
apt
android
spyware
2025-01-21
Published: January 21, 2025
Downloadable IOCs: 6

PlainGnome and Bonespy Russian Android spyware discovered | Threat Intel

Two Android surveillance families, BoneSpy and PlainGnome, have been discovered and attributed to the Russian Gamaredon APT group, associated with the FSB. BoneSpy, active since 2021, is based on open-source DroidWatcher, while PlainGnome emerged in 2024. Both target Russian-speaking victims in for…
surveillance
android
russia
spyware
fsb
2024-12-13
shuckworm
plaingnome
primitive bear
bonespy
Published: December 13, 2024
Downloadable IOCs: 31

Something to Remember Us By: Device Confiscated by Russian Authorities Returned with Monokle-Type Spyware Installed

A joint investigation by The First Department and The Citizen Lab uncovered spyware covertly implanted on a Russian programmer's phone after it was confiscated by authorities. The individual, accused of sending money to Ukraine, was subjected to beatings and recruitment attempts by the FSB during h…
surveillance
android
russia
spyware
2024-12-05
monokle
trojanized app
device confiscation
fsb
Published: December 5, 2024
Downloadable IOCs: 0

New Android Spyware Campaign Targets South Koreans via AWS

A sophisticated Android spyware campaign targeting South Koreans has been uncovered by Cyble Research and Intelligence Labs. Active since June 2024, the malware exploits an Amazon AWS S3 bucket as its Command and Control server to exfiltrate sensitive personal data including SMS messages, contacts,…
android
spyware
south korea
cloud security
data exfiltration
aws
mobile malware
2024-10-01
stealth techniques
Published: October 1, 2024
Linked vulnerabilities : CVE-2024-21887, CVE-2023-46805, CVE-2021-44228, CVE-2017-11882, CVE-2024-21893
Downloadable IOCs: 7

EastWind campaign: new CloudSorcerer attacks on government organizations in Russia

Kaspersky detected an ongoing targeted cyberattack campaign, dubbed EastWind, targeting Russian government organizations and IT companies. The attackers employed phishing emails with malicious shortcuts to deliver malware that communicated via Dropbox. They utilized tools associated with APT31 and …
rat
phishing
spyware
dll sideloading
cloudsorcerer
2024-08-14
plugy
grewapacha
Published: August 14, 2024
Downloadable IOCs: 5

LianSpy: new Android spyware targeting Russian users

Kaspersky discovered an Android spyware campaign called LianSpy that targets Russian users. The malware can capture screencasts, exfiltrate files, and harvest call logs and app lists. It employs evasive tactics like using the Russian cloud service Yandex Disk for command and control communication, …
android
spyware
2024-08-06
yandex
russian
lianspy
Published: August 6, 2024
Downloadable IOCs: 0

New Mandrake Android spyware version discovered on Google Play

n April 2024, Securelist discovered a suspicious sample that appeared to be a new version of Mandrake. Ensuing analysis revealed as many as five Mandrake applications, which had been available on Google Play from 2022 to 2024 with more than 32,000 installs in total, while staying undetected by any …
malware
android
spyware
google play
2024-07-29
mobile malware
mandrake
response opcode
apk file
airfs
Published: July 29, 2024
Downloadable IOCs: 9

The tapestry of threats targeting Hamster Kombat players

This analysis delves into the various malicious threats capitalizing on the immense popularity of the Hamster Kombat mobile game. It reveals that cybercriminals are exploiting players' interests by distributing Android spyware disguised as the game through unofficial channels, as well as creating f…
android
spyware
2024-07-24
Published: July 24, 2024
Downloadable IOCs: 26

Exploiting CVE-2021-40444 to Infiltrate Systems

A recently detected attack exploited a vulnerability in Microsoft Office to deploy spyware called MerkSpy. The initial vector was a deceptive Word document posing as a job description. Opening it triggered the exploitation of CVE-2021-40444, allowing arbitrary code execution. This downloaded an HTM…
vulnerability
spyware
keylogger
2024-07-02
information theft
CVE-2021-40444
merkspy
Published: July 2, 2024
Linked vulnerabilities : CVE-2021-40444
Downloadable IOCs: 6

CapraTube Remix | Android Spyware Targeting Gamers, Weapons Enthusiasts

SentinelLabs has uncovered a new campaign of Android spyware apps associated with the suspected Pakistan state-aligned Transparent Tribe threat group. The malicious apps, disguised as video browsers, gaming sites, and TikTok content, target mobile gamers, weapons enthusiasts, and individuals intere…
social engineering
android
pakistan
spyware
2024-07-01
caprarat
Published: July 1, 2024
Downloadable IOCs: 6

Arid Viper poisons Android apps with AridSpy

ESET researchers identified five campaigns targeting Android users with trojanized apps that deploy multistage Android spyware called AridSpy. This malware, attributed with medium confidence to the Arid Viper APT group, focuses on user data espionage. AridSpy downloads additional payloads from its …
espionage
android
exfiltration
spyware
2024-06-14
aridspy
Published: June 14, 2024
Downloadable IOCs: 37

macOS Cuckoo Stealer | Ensuring Detection and Defense as New Samples Rapidly Emerge

This analysis discusses the emergence of a new macOS malware family called 'Cuckoo Stealer', which acts as an infostealer and spyware. It describes Cuckoo Stealer's main features, logic, and provides indicators of compromise to assist threat hunters and defenders. The malware employs techniques lik…
obfuscation
infostealer
persistence
macos
spyware
2024-05-05
2024-05-06
2024-05-07
2024-05-08
cuckoo stealer
2024-05-09
2024-05-10
Published: May 10, 2024
Downloadable IOCs: 4

Malware: Behaves Like Cross Between Infostealer and Spyware

On April 24, 2024, we found a previously undetected malicious Mach-O binary programmed to behave like a cross between spyware and an infostealer. We have named the malware Cuckoo, after the bird that lays its eggs in the nests of other birds and steals the host's resources for the gain of its young.
infostealer
2024-05-03
spyware
cuckoo
Published: May 3, 2024
Downloadable IOCs: 18
Click here to see more Attack Reports