Kaspersky security researchers have identified a new, sophisticated Android malware named "LianSpy". It has been active since July 2021 but went unnoticed thanks to its advanced evasion capabilities, and it mainly targets Russian users.
LianSpy masquerades as an Alipay application or as an Android system service to avoid detection. According to the security researchers, the initial infection may occur either through a zero-day vulnerability or through physical access to the device. After installation, the malware attempts to obtain root privileges using a modified su binary, which it looks for in the default search paths.
Once it has root access, the malware requests, or grants itself, various permissions, including screen overlay, notification access, and reading the call log. With these permissions in hand, LianSpy can take screenshots, steal files, and collect call records.
Among its evasion capabilities, the ability to bypass the privacy indicators on Android 12 and later stands out: LianSpy manipulates system settings to suppress the notifications and the screen-recording indicator, leaving the user unaware of what is happening. LianSpy can also detect whether it is running in an analysis environment.
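The indicator bypass described above works by editing system settings rather than by exploiting a bug, so it leaves a trace in the device's settings store. The following Python triage helper is an added example (not Kaspersky's or LianSpy's code): it parses the `key=value` text printed by `adb shell settings list secure` and flags the one mechanism that would produce the described effect on Android 12+, a populated `icon_blacklist` entry hiding the camera, microphone or cast status-bar slots, and also lists any enabled notification listeners, since notification access is one of the permissions the spyware takes. The setting name, the slot names and the sample dumps are assumptions and constructed data; the article itself does not name the exact setting LianSpy modifies.

```python
"""Added triage helper (not Kaspersky's code): flag Android secure settings
that hide status-bar privacy indicators or grant notification access.

Assumptions: the input is the `key=value` text printed by
`adb shell settings list secure`; the setting abused is `icon_blacklist`
(a SystemUI setting that hides status-bar icons by slot name); and the
slot names below are the ones worth watching. The sample dumps are constructed.
"""
from __future__ import annotations

# Status-bar slots tied to camera/microphone/screen-capture indicators (assumed list).
PRIVACY_SLOTS = {"camera", "microphone", "cast", "screen_record", "location"}


def parse_secure_settings(text: str) -> dict[str, str]:
    """Parse `settings list secure` output into a dict; malformed lines are skipped."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def hidden_privacy_slots(settings: dict[str, str]) -> set[str]:
    """Return the privacy-relevant slots listed in icon_blacklist (empty if none)."""
    blacklist = settings.get("icon_blacklist", "")
    slots = {s.strip() for s in blacklist.split(",") if s.strip()}
    return slots & PRIVACY_SLOTS


def notification_listeners(settings: dict[str, str]) -> list[str]:
    """Return the component names granted notification access (colon-separated on Android)."""
    raw = settings.get("enabled_notification_listeners", "")
    return [component for component in raw.split(":") if component]


def triage(text: str) -> list[str]:
    """Produce human-readable findings for one device's secure settings dump."""
    settings = parse_secure_settings(text)
    findings: list[str] = []
    hidden = hidden_privacy_slots(settings)
    if hidden:
        findings.append(
            "icon_blacklist hides privacy indicators: " + ", ".join(sorted(hidden))
        )
    elif settings.get("icon_blacklist"):
        # Any populated blacklist is unusual outside developer tuning; report it too.
        findings.append("icon_blacklist is set (non-privacy slots): " + settings["icon_blacklist"])
    listeners = notification_listeners(settings)
    if listeners:
        findings.append("notification listeners enabled: " + ", ".join(listeners))
    return findings


# Constructed samples: a clean device and one where indicators are suppressed.
SAMPLE_CLEAN = """\
android_id=1a2b3c4d5e6f7a8b
accessibility_enabled=0
enabled_notification_listeners=
"""

SAMPLE_SUSPECT = """\
android_id=1a2b3c4d5e6f7a8b
icon_blacklist=cast,microphone,camera
enabled_notification_listeners=com.example.sysservice/.Listener
"""

if __name__ == "__main__":
    for label, dump in (("clean", SAMPLE_CLEAN), ("suspect", SAMPLE_SUSPECT)):
        print(label, triage(dump) or ["no findings"])
```

Run it against a real dump with `adb shell settings list secure > secure.txt` and pass the file contents to `triage()`; a non-empty `icon_blacklist` on a device that has never had SystemUI tuner enabled is worth a closer look, and the listener check tells you which packages can read notifications regardless of the blacklist.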
LianSpy's configuration is fetched from Yandex Disk storage and then kept locally; it specifies the data to target and the intervals between screen captures and data exfiltration. The settings persist across device reboots.
The stolen data is encrypted with AES so that only the attacker can read it, and it is stored in a SQL table before being uploaded to Yandex Disk. Finally, LianSpy periodically checks for an updated configuration, which determines its activity on the compromised device.
Its evasion capabilities, and in particular its use of an entirely legitimate platform such as Yandex Disk, complicate attribution: Kaspersky notes that this campaign targets Russian users and, at the moment, does not appear to be linked to other campaigns aimed at the same targets. However, wider use in the future cannot be ruled out, especially if the primary infection vector is a still-unknown zero-day vulnerability.