PhantomLance spying campaign breaches Google Play security

April 29, 2020

Kaspersky has warned of an ongoing campaign in which malicious apps hosted by Google Play are covertly spying on Android users and stealing their data.

On Tuesday, cybersecurity researchers said the campaign, dubbed PhantomLance, has been active for at least four years and is ongoing. 

According to the team, “dozens” of malicious apps connected to PhantomLance and harboring a new Trojan have been discovered in Google Play, the tech giant’s official Android mobile application repository. In addition, malicious apps have also been found on the APK download site APKpure. 

Back in July 2019, the Doctor Web team published research on a new Trojan buried in an application on Google Play that masqueraded as an OpenGL Plugin. 

Once launched, the malicious app simulates a check for new versions of OpenGL ES, but actually installs a backdoor and begins exfiltrating user information. 

Kaspersky says that a similar sample of this Trojan was found on Google Play and its sophistication — including the use of high levels of encryption and an ability to adapt malicious payloads depending on the mobile device environment — suggests that PhantomLance is not the work of run-of-the-mill threat actors. 

The PhantomLance malware, of which multiple variations have been traced, has the basic functions of spyware: it exfiltrates user information including phone call logs, contacts, GPS data, SMS messages, and device model and OS information.

The Trojan is able to build a backdoor to transfer this data to the operator’s command-and-control (C2) server as well as deploy additional malicious payloads. 

Kaspersky suspects an Advanced Persistent Threat (APT) group may be behind the campaign due to the care taken to mask its tracks. In “almost every case,” the team says, fake developer profiles were created with associated GitHub accounts, and in order to avoid detection, the first version of each app uploaded to Google Play or APKpure did not contain malicious code. 

“With later updates, applications received both malicious payloads and a code to drop and execute these payloads,” Kaspersky says. 

Approximately 300 infection attempts have been traced to Android devices in countries including India, Vietnam, Bangladesh, and Indonesia since 2016.

Attribution is often a difficult prospect. However, in the case of PhantomLance, there are some indicators that the APT group OceanLotus, also known as APT32, is involved.

After sorting through the codebase of the malicious apps, Kaspersky assessed with “medium confidence” that OceanLotus is behind the payloads. This is because at least 20% of the codebase is similar to older Android cyberattacks and campaigns launched by the group, which also tends to target victims across South East Asia.

OceanLotus has been active since 2013 and has been linked to campaigns against entities including the Vietnamese and Chinese governments. Recently, a fresh attack was launched against the Chinese Ministry of Emergency Management in a bid to find and steal data relating to the COVID-19 pandemic.

Kaspersky has reported all of the malicious apps found. Google has since removed them from the store.

“PhantomLance has been going on for over five years and the threat actors managed to bypass the app stores’ filters several times, using advanced techniques to achieve their goals,” says Alexey Firsh, a Kaspersky researcher. “We can also see that the use of mobile platforms as a primary infection point is becoming more popular.”

ZDNet has reached out to Google and will update when we hear back. 



Credit: Zdnet
