South Korean users have been targeted with a new, sophisticated Android spyware named PhoneSpy. Researchers from Zimperium zLabs uncovered the ongoing campaign, which has already infected the mobile phones of over a thousand South Korean victims.
PhoneSpy disguises itself as a harmless application, with purposes ranging from learning yoga to watching TV and videos or browsing photos.
PhoneSpy supports a broad range of capabilities, including accessing the camera to take pictures, recording video and audio, getting the GPS location, viewing pictures from the device, and accessing files and messages on the device.
The malware also allows an attacker to remotely control the infected mobile devices.
The hackers are distributing the malware through web traffic redirection or social engineering. The researchers could not find any evidence of the spyware in any app in the Play Store.
ZimperiumLabs stated that its mobile threat research team has identified 23 applications targeting South Korean citizens to date, with thousands of victims infected in this spyware campaign. These malicious Android apps are designed to run silently in the background, constantly spying on their victims without raising any suspicion.
According to the researchers, the threat actors behind PhoneSpy have collected huge amounts of personal and corporate information on their victims, including private communications and photos.
The malware can tamper with calls, access contact information and send SMS messages on behalf of the victim.
Once installed, the app requests permissions and displays a phishing page that clones the login page of popular apps such as Facebook, Instagram, Google, and the popular South Korean messaging app “Kakao Talk” to steal credentials.