Last summer, the existence of the Pegasus spyware, from the Israeli company NSO Group, revealed by a media consortium in a joint investigation, shook the world. This Wednesday, researchers from the cybersecurity company Zimperium zLabs reported the detection of new malware, called PhoneSpy, which has already affected numerous Android users in South Korea.
So far, the program has damaged the phones of more than 1,000 individuals in that country. “The malicious group behind this invasive campaign has gained access to all data, communications and services of their devices,” Zimperium zLabs stressed.
How does it work and what functions does it have access to?
Spyware routinely infiltrates devices by exploiting vulnerabilities. In the case of Pegasus, for example, what is known as a trap link is sent, which persuades the victim to tap it and thus activate the spyware. Similarly, there is a ‘zero-click’ strategy, in which the program is installed without user intervention.
Meanwhile, PhoneSpy is disguised and presented as a regular application, with themes ranging from yoga to viewing photos and videos. In total, the spyware has been detected in 23 apps.
The experts pointed out that these applications are not available in any Android app store, which suggests that the hackers in this case use “distribution methods based on redirection of web traffic or social engineering.”
Richard Melick, author of a blog on the Zimperium zLabs site, explained in a comment to the portal TechCrunch that cybercriminals use tools such as phishing to infiltrate their victims’ phones, “tricking the end user into downloading what they think is a legitimate application from a compromised website or direct link.”
Once it has taken over an Android smartphone, the malicious program allows attackers to access the camera, take photos, and record video and audio. Among other things, hackers can also monitor GPS coordinates, steal messages, contacts and call records, and test the phone in question in a controlled way. In that sense, the capabilities of PhoneSpy are similar to those of Pegasus, as estimated by the portal Threatpost.
Zimperium zLabs has not determined who is spreading and using PhoneSpy, but said it reported the discovery to South Korean and US authorities. The company offered its help to the host of the command-and-control server in shutting down the malware. However, the spyware is still active.