Danger lurks around every corner online. Whether you’re using a phone, a tablet, or a computer, you always have to keep your guard up to avoid hacks and scams. This is especially true for Android users, as dangerous phishing campaigns appear to be popping up on a weekly basis. The latest is PhoneSpy, and it involves a collection of spyware apps masquerading as helpful tools. If you have any of these malicious apps on your phone, it’s imperative that you delete them immediately.
Mobile security company Zimperium recently uncovered a targeted spyware campaign it has dubbed PhoneSpy. As the company explains, PhoneSpy disguises itself as a standard mobile app that purports to stream movies, help users learn yoga, or browse photo collections. But in reality, the spyware steals documents, photos, videos, and more from the Android phone.
PhoneSpy Android spyware campaign
Here’s what will happen if PhoneSpy manages to infect your device, according to Zimperium:
Upon infection, the victim’s mobile device will transmit accurate GPS locational data, share photos and communications, contact lists, and downloaded documents with the command and control server. Similar to other mobile spyware we have seen, the data stolen from these devices could be used for personal and corporate blackmail and espionage. The malicious actors could then produce notes on the victim, download any stolen materials, and gather intelligence for other nefarious practices.
If you want an even more detailed breakdown, here’s what a PhoneSpy app can do to your phone:
- Complete list of the installed applications
- Steal credentials using phishing
- Steal images
- Monitoring the GPS location
- Steal SMS messages
- Steal call logs
- Record audio in real-time
- Steal phone contacts
- Record video in real-time using front & rear cameras
- Access camera to take photos using front & rear cameras
- Send SMS to attacker-controlled phone number with attacker-controlled text
- Exfiltrate device information (IMEI, Brand, device name, Android version)
- Conceal its presence by hiding the icon from the device’s drawer/menu
As terrifying as that might sound, there is some relatively good news. Zimperium says that its zLabs mobile threat research team found just 23 Android apps in the PhoneSpy campaign. All of those apps were targeting South Korean citizens specifically, so if you’re anywhere but South Korea, you’re in the clear for now. That said, Zimperium believes thousands of South Korean victims already downloaded the malicious apps. This is why it’s so vital to constantly be on the lookout.