The specialists of Russian software security company Kaspersky Lab have identified Trojan spyware, dubbed LianSpy, that has been used for cyberespionage against targeted Android device owners in Russia.
According to Kaspersky Lab, the malware may have been released in mid-2021. However, detecting it has proven challenging due to the attackers’ sophisticated efforts to conceal their activities. The espionage operation was not widespread but targeted specific unnamed individuals, the company said.
Since LianSpy was identified in the spring of this year, Kaspersky Lab experts have detected more than 10 targets, adding that its analysis is based on anonymised data from the company's service triggers.
"LianSpy disguises itself as system applications and financial services," explained Dmitry Kalinin, a cybersecurity expert at Kaspersky Lab, reports Vedomosti. "The attackers are not interested in the financial information of the victims. Instead, the malware collects and transmits contact lists, call logs and lists of installed applications from the infected devices."
Kalinin added that the Trojan can record the smartphone screen when specific applications, mainly instant messengers, are opened. Moreover, LianSpy can bypass Android notifications indicating the use of the camera or microphone, disabling the icon that appears during screen recording.
Positive Technologies security consultant Alexey Lukatsky noted that it is improbable that Google, the manufacturer of the Android operating system, is behind this spying, as the company has more efficient methods to monitor users than resorting to add-on malware. He also dismissed the likelihood of regular software developers embedding such malicious functionality, as they typically create advertising software or software that gathers data about the device or the user's online activity, rather than their communications.
Kalinin explained that the devices might have been infected remotely by exploiting several unidentified vulnerabilities or by gaining physical access to the phone. However, determining the exact attack vector is difficult, as the experts only had the malware itself to analyse.