Adrian Johnson
TLDR:
- New Android spyware called LianSpy has been targeting Russian users since 2021.
- The spyware evades detection by using Yandex Cloud for command-and-control communications.
Article Summary:
Users in Russia have been targeted by a new Android spyware called LianSpy, discovered by cybersecurity vendor Kaspersky in March 2024. The spyware utilizes Yandex Cloud for command-and-control communications to avoid detection. LianSpy can capture screencasts, exfiltrate user files, harvest call logs, and gather app lists. It operates by disguising itself as Alipay or an Android system service and gains access to various permissions once activated. The spyware can update its configuration to specify the type of information to capture, including data from popular instant messaging apps in Russia, and can hide notifications to bypass privacy indicators introduced by Google in Android 12. LianSpy also utilizes the su binary with a modified name to gain root access and communicates with the threat actor’s Yandex Disk every 30 seconds to update its configuration. The malware stores stolen data in an encrypted form and showcases stealth by not receiving incoming commands. LianSpy represents the latest in a series of spyware tools targeting mobile devices, leveraging zero-day flaws for delivery and exploiting vulnerabilities to evade detection and carry out espionage activities.
