Kaspersky reveals an attack targeting mobile phones in Southeast Asia
In early March, Trend Micro released research results on a large-scale campaign that launched a so-called "watering hole" attack and targeted users in Southeast Asia with the powerful LightSpy spyware. Kaspersky's Global Research and Analysis Team has added important information about the campaign, which trapped mobile phone users via harmful links on many forums and communication channels.
Kaspersky analyzed the following in a research report published on Securelist.com:
- The timeline for the deployment of the monitoring framework in January 2020.
- A previously unknown sample of the LightSpy software implanted on Android mobile devices.
- Traces of spyware implants for Windows, Mac and Linux computers and Linux-based routers.
- New indicators of compromise and more details about the attack.
What do you know about LightSpy attacks?
The attacker behind the campaign distributes links to a malicious website that mimics an original site the target victim frequently visits. Once the victim visits the fraudulent site, a specialized exploit chain tries to execute shellcode, which leads to the full malware being deployed on the victim's phone.
The malware has successfully targeted iPhones running iOS 12.2, while users of iPhones with the latest version of iOS, 13.4, are protected from these exploits. The malware also targets users of Android devices: the researchers found several versions of the program targeting that system.
In addition, Kaspersky researchers have found signs of malware for Mac, Linux and Windows as well as Linux-based routers.
Kaspersky researchers have also found that the software is distributed not only through posts and forum responses across popular communication platforms, but also through programs that link to these published misleading sites. It can unlock the operating system's protections, allowing attackers to record calls and audio, read messages in certain apps and perform other harmful activities.
The information currently available about the campaign was insufficient to identify the threat actor behind it, which led Kaspersky to temporarily name the attacker TwoSail Junk.
"The team has been trying to monitor this activity and its infrastructure since January of this year," said Alexey Firsh, security researcher at Kaspersky's Global Research and Analysis Team. He considers it a case of building a flexible and systematic structure, and an interesting example of being able to use it to spy in Southeast Asia.
"We've already seen this innovative strategy in SpringDragon. The development of LightSpy malware is part of the previous regional targeting of SpringDragon, LotusBlossom and Billbug APT, which is suitable for infrastructure and background use," Firsh added. "Even though the campaign peaked in February, when we saw the fastest growing links to malicious websites, it was still active, and we're still following them."
Kaspersky recommends that users do the following to avoid falling victim to watering hole and other targeted attacks:
- Avoid suspicious links to suspicious content, especially those shared on social networks. Consult official resources for reliable information.
- Verify the authenticity of the site, and avoid visiting it until you are sure it is legitimate and its address starts with https. Check the URL format and the spelling of the company name, read reviews of the site and verify the domain name registration data.
- Choose a trusted digital security solution like Kaspersky Total Security to effectively protect people from known and unknown threats.