The Kaspersky security firm finds a new spy program which over the last five years has stolen the data of hundreds of customers. This initiative is called PhantomLance and it was started by hacker group OceanLotus since 2015.
Different variations of a dynamic Spyware program are available for users throughout India, Vietnam, Bangladesh, and Indonesia. Kaspersky detected 300 attack attempts since 2016, and the key goal of this spyware was to collect information.
The program involves a range of malware applications that were not involved in the mass deployment and targeted mainly at spying on other users. This illustrates how hackers use more sophisticated ways to locate them more difficultly.
Google has documented all the malicious examples of spyware discovered by Kaspersky and the tech giant has also de-listed these devices. These apps provided simple functionality but collected details from a specific computer including the list of applications loaded, system files, models, and Android versions.
The malicious software has also been able to import and execute various malicious payloads to tailor the payload to the system environment, such as the version of Android and enabled devices.
In this way, the actor may prevent unwanted functionality from overloading the application and at the same time collect the correct data,’ Kaspersky states. In order to make it look more credible, PhantomLance was distributed on many sites including Google Play and APKpure.
The hacker community has also created GitHub for the extra reputation to build a false developer account. Such applications are able, without malicious payloads, to bypass scanning validation systems used by Google and other app stores.
The devices received malicious payloads and a file that they could drop and execute with future updates. Vietnam emerged as one of the leading countries in Kaspersky’s results with a string of threats. The program was also used for certain malicious applications only in the Vietnamese language.
Kaspersky researchers claim that the PhantomLance program was initiated by OceanLotus based on parallels in malicious code in previous Android camps. Although Google’s applications have been downloaded from the play store, no promise is provided that these applications will not appear in the future.
He advises investing in a suitable protection system that protects the computer against a range of attacks. The Google Play Store applications should also be built with great care and determination. Check for feedback and make sure popular and reliable developer applications are downloaded only on the phone.