PhoneSpy: Android Spyware Campaign Targeting South Korean Users

An ongoing spyware campaign dubbed ‘PhoneSpy’ targets South Korean users via a range of lifestyle apps that nest in the device and silently exfiltrate data.

The campaign deploys a powerful Android malware capable of stealing sensitive information from the users and taking over the device’s microphone and camera.

Researchers at Zimperium who discovered the campaign reported their findings to the US and South Korean authorities, but the host that supports the C2 server is yet to be taken down.

Hidden in “harmless” apps

The ‘PhoneSpy’ spyware comes disguised as a Yoga companion app, the Kakao Talk messaging app, an image gallery browser, a photo editing tool, and more.

Zimperium identified 23 laced apps that appear as harmless lifestyle apps, but in the background, the apps run all the time, silently spying on the user.

To do that, the apps ask the victim to grant numerous permissions upon installation, which is the only stage where cautious users would notice signs of trouble.

Permissions requested by the spyware-laced app
Source: Zimperium

The spyware that is hiding inside the masqueraded apps can do the following on a compromised device:

  • Fetch the complete list of the installed applications
  • Uninstall any application on the device
  • Install apps by downloading APKs from links provided by C2
  • Steal credentials using phishing URLs sent by C2
  • Steal images (from both internal and SD card memory)
  • Monitor the GPS location
  • Steal SMS messages
  • Steal phone contacts
  • Steal call logs
  • Record audio in real-time
  • Record video in real-time using front & rear cameras
  • Access camera to take photos using front & rear cameras
  • Send SMS to attacker-controlled phone number with attacker-controlled text
  • Exfiltrate device information (IMEI, Brand, device name, Android version)
  • Conceal its presence by hiding the icon from the device’s drawer/menu
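The permission prompt mentioned above is the one point where a defender can spot this class of app before it runs, and the capability list maps almost one-to-one onto Android permissions the app has to declare. The following triage script is an added example written for this article, not code from Zimperium or from the campaign's analysis. It assumes a decoded AndroidManifest.xml (for example the text form produced by apktool; APKs ship the manifest as binary XML) and uses the standard android.permission.* constant names; the capability-to-permission mapping and the sample manifest are constructed for illustration.

```python
"""Triage a decoded AndroidManifest.xml for a spyware-like permission profile.

Added example: maps declared permissions onto the capabilities reported for
PhoneSpy and flags an app whose permissions cover many of them.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Set

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Capability (as reported for PhoneSpy) -> Android permissions that grant it.
# Permission names are the real android.permission.* constants; the mapping
# itself is an assumption made for this example.
CAPABILITY_PERMISSIONS: Dict[str, Set[str]] = {
    "list installed apps": {"android.permission.QUERY_ALL_PACKAGES"},
    "uninstall apps": {"android.permission.REQUEST_DELETE_PACKAGES"},
    "install APKs from C2": {"android.permission.REQUEST_INSTALL_PACKAGES"},
    "steal images from storage": {"android.permission.READ_EXTERNAL_STORAGE"},
    "track GPS location": {"android.permission.ACCESS_FINE_LOCATION",
                           "android.permission.ACCESS_COARSE_LOCATION"},
    "steal SMS messages": {"android.permission.READ_SMS",
                           "android.permission.RECEIVE_SMS"},
    "steal contacts": {"android.permission.READ_CONTACTS"},
    "steal call logs": {"android.permission.READ_CALL_LOG"},
    "record audio": {"android.permission.RECORD_AUDIO"},
    "record video / take photos": {"android.permission.CAMERA"},
    "send SMS to attacker number": {"android.permission.SEND_SMS"},
    "read device identifiers": {"android.permission.READ_PHONE_STATE"},
}


def declared_permissions(manifest_xml: str) -> Set[str]:
    """Return every permission declared via <uses-permission android:name=...>."""
    root = ET.fromstring(manifest_xml)
    return {el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission")}


def capabilities_enabled(permissions: Set[str]) -> List[str]:
    """Capabilities from the PhoneSpy list that the declared permissions allow."""
    return sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items()
                  if permissions & needed)


def triage(manifest_xml: str, threshold: int = 6) -> Dict[str, object]:
    """Flag the app if its permissions cover at least `threshold` capabilities.

    The threshold is a tuning choice: a yoga or gallery app has no business
    reading SMS, call logs, contacts, mic and camera all at once.
    """
    perms = declared_permissions(manifest_xml)
    caps = capabilities_enabled(perms)
    return {"permissions": sorted(perms), "capabilities": caps,
            "suspicious": len(caps) >= threshold}


# Constructed sample: a "yoga companion" manifest with a spyware-like profile.
SAMPLE_SPYWARE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.yoga.companion">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_CALL_LOG"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <uses-permission android:name="android.permission.REQUEST_INSTALL_PACKAGES"/>
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <application android:label="Yoga Companion"/>
</manifest>
"""

# Constructed sample: a plain gallery app that only needs storage access.
SAMPLE_BENIGN_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gallery">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
    <application android:label="Gallery"/>
</manifest>
"""

if __name__ == "__main__":
    for name, manifest in (("yoga", SAMPLE_SPYWARE_MANIFEST),
                           ("gallery", SAMPLE_BENIGN_MANIFEST)):
        result = triage(manifest)
        print(name, "suspicious" if result["suspicious"] else "ok",
              result["capabilities"])
```

The check is deliberately coarse: it does not prove an app is spyware, only that the permission set it asks for at install time would let it do what PhoneSpy does, which is exactly the signal a cautious user sees on the permission prompt and the signal an MDM or app-vetting pipeline can automate.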

The spectrum of the stolen data is wide enough to support almost any malicious activity, from spying on spouses and employees to conducting corporate cyber-espionage and blackmailing people.

Apart from the spyware functionality, some apps also actively try to steal people’s credentials by displaying fake login pages for various sites.

Phishing templates used in the PhoneSpy campaign mimic Facebook, Instagram, Kakao, and Google account login portals.

Phishing pages served directly by the C2
Source: Zimperium

Distributing laced apps

The initial distribution channel for the laced apps is unknown, and the threat actors did not upload the apps to the Google Play Store.

It could be distributed through websites, obscure third-party APK stores, social media, forums, or even webhards and torrents.

A potential distribution method may be via SMS sent by the compromised device to its contact list, since the malware has the ability to send SMS messages.

Using SMS texts increases the chances of the recipients tapping on the link that leads to downloading the laced apps as it comes from a person they know and trust.

Icons of some of the laced apps
Source: Zimperium

If you think you might have downloaded a risky app carrying spyware, delete it immediately and then run an AV scanner to clean your device of any remnants.

In cases where privacy and security are imperative, perform a factory reset on the device.
