PhoneSpy has already stolen data and tracked the activity of targets in South Korea, disguising itself as legitimate lifestyle apps.
Researchers discovered new Android spyware that provides capabilities similar to those of NSO Group’s controversial Pegasus software. Called PhoneSpy, the mobile surveillance-ware has been spotted actively targeting South Koreans without their knowledge.
PhoneSpy disguises itself as a legitimate application and gives attackers complete access to data stored on a mobile device and grants full control over the targeted device, according to a Zimperium zLabs report published Wednesday.
Pegasus spyware, developed by Israel-based NSO Group, which has been blacklisted by the U.S. government, has been linked to cyberattacks against dissidents, activists and NGO workers. However, it’s unclear from the Zimperium report who is behind PhoneSpy and whether it is being sold commercially. Also unclear from the report is whether high-profile victims or random individuals are being targeted by PhoneSpy.
According to Zimperium, attackers are weaponizing PhoneSpy for purposes similar to those of the NSO Group. However, researchers conceded they are unsure why thousands in South Korea are targeted or what connection they have to each other.
The spyware is potentially more dangerous than Pegasus, researchers assert. They argue that PhoneSpy “hides in plain sight, disguising itself as a regular application with purposes ranging from learning yoga to watching TV and videos, or browsing photos,” Zimperium researcher Aazim Yaswant wrote in the post.
PhoneSpy features include stealing data, eavesdropping on messages and viewing images stored on the phone. Researchers said attackers can also gain full remote control of Android phones. So far, Yaswant wrote, Zimperium has identified 23 applications surreptitiously containing the spyware.
Read more at: threatpost.com