Kaspersky reveals mobile phone attack in Southeast Asia

Earlier in March, Trend Micro published research on a large-scale watering hole campaign targeting users in Southeast Asia with a powerful spyware framework called LightSpy. Following that publication, Kaspersky's Global Research and Analysis Team (GReAT) released important additional details about the campaign, which targets mobile phone users through malicious links posted on forums and messaging channels.

In its research published on Securelist.com, Kaspersky presented an analysis of the following:

The timeline of the spyware framework's use since January 2020.

Previously unknown LightSpy samples found on Android mobile devices.

Traces of spyware implants targeting Windows, macOS and Linux computers, as well as Linux-based routers.

New indicators of compromise (IoCs) and other details about the attack.

What is known about the LightSpy attacks?

The actor behind the campaign distributes links to malicious sites that mimic legitimate sites frequented by the intended victims. Once a victim visits the booby-trapped website, a dedicated exploit chain attempts to execute shellcode, which ends with the full malicious implant being deployed on the victim's phone.

The malware successfully targeted iPhones running iOS versions up to 12.2; users of iPhones on the latest iOS version, 13.4, are not affected by these exploits. Android users were targeted as well, as the researchers found several versions of the malware aimed at that platform.

Furthermore, Kaspersky researchers identified indications of malware targeting macOS, Linux and Windows devices, as well as Linux-based routers.

Kaspersky researchers also found that the malware spreads through forum posts and replies, and through popular messaging platforms, by posting links that lead to fake pages rigged with exploits capable of bypassing operating system protections. This gives the attackers the ability to record calls and audio, read messages in certain applications, and carry out other malicious activity.

The information currently available about the campaign is not enough to determine who is behind it, so Kaspersky has provisionally named the attackers TwoSail Junk.

"The team has been tracking this campaign and its infrastructure since January this year," said Alexei Versch, a security researcher with Kaspersky's Global Research and Analysis Team, adding that it is an interesting example of a flexible methodology being developed and employed for espionage purposes in Southeast Asia.

"This innovative strategy is something we have seen before with SpringDragon, and LightSpy's target location is part of previous regional targeting operations by SpringDragon, LotusBlossom and Billbug APT, which also applies to the infrastructure and the use of the Evora backdoor. Although the campaign peaked in February, when we saw the highest number of links leading to malicious websites, it is still active and we are still monitoring it."

Kaspersky recommends that users take the following measures to avoid falling victim to watering hole attacks and other targeted attacks:

Avoid suspicious links that promise exclusive content, especially when they are shared on social media, and consult official sources for reliable information.

Validate a site before visiting it to ensure it is legitimate: check that the address starts with https, check the URL format and the spelling of the company name, read reviews of the site, and verify its domain name registration data.

Use a reliable security solution such as Kaspersky Total Security for effective protection against known and unknown threats.

For companies, Kaspersky recommends ensuring that security teams have access to the latest threat intelligence.
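As an added illustration of the link-vetting advice above (example code written for this page, not Kaspersky's tooling), the following Python script applies the checks to a URL before it is opened: it flags a non-https scheme, an internationalized hostname that could be a homograph, a registrable domain that is a one- or two-character edit away from a known brand, and a known brand name buried in the subdomain or label of an unrelated domain. The brand list, legitimate domains and sample URLs are constructed for the example, and the registrable-domain split is a simplification that a real deployment would replace with the Public Suffix List.

```python
"""Triage checks for links shared in forum posts or chats (example code).

Everything below is constructed for illustration: the brands, the legitimate
domains and the sample URLs are not taken from the LightSpy campaign.
"""
from typing import List
from urllib.parse import urlsplit

# Constructed: brand words an audience expects to see, and the registrable
# domains that legitimately carry them (assumption for the example).
KNOWN_BRANDS = ("securelist", "example")
KNOWN_DOMAINS = {"securelist.com", "example.com"}

# Constructed subset of two-label public suffixes; a real implementation
# would use the full Public Suffix List (assumption).
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "com.sg", "co.id", "com.my", "com.vn"}


def registrable_domain(host: str) -> str:
    """Return the registrable domain of a hostname (simplified suffix handling)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot typosquats of a known brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url: str) -> List[str]:
    """Return the reasons a URL looks suspicious; an empty list means none found."""
    findings: List[str] = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if parts.scheme != "https":
        findings.append("not https")
    if not host:
        findings.append("no hostname")
        return findings

    # Punycode (xn--) labels decode to non-ASCII; raw non-ASCII hosts fail the
    # ASCII encode. Either way the name may be a look-alike of a Latin brand.
    try:
        unicode_host = host.encode("ascii").decode("idna")
    except UnicodeError:
        unicode_host = host
    if unicode_host != host or any(ord(ch) > 127 for ch in unicode_host):
        findings.append("internationalized hostname (possible homograph)")

    reg = registrable_domain(host)
    if reg in KNOWN_DOMAINS:
        return findings  # the real site; only scheme/IDN findings apply

    brand_label = reg.split(".")[0]
    sub_labels = host.split(".")[: -len(reg.split("."))]
    for brand in KNOWN_BRANDS:
        if brand_label == brand:
            findings.append(f"brand '{brand}' on an unexpected registrable domain '{reg}'")
        elif levenshtein(brand_label, brand) <= 2:
            findings.append(f"'{reg}' is a near-miss of brand '{brand}' (typosquat?)")
        elif brand in brand_label or brand in sub_labels:
            findings.append(f"brand '{brand}' embedded in unrelated domain '{reg}'")
    return findings


# Constructed sample links, as they might appear in a forum post.
SAMPLE_URLS = [
    "https://securelist.com/some-report/",
    "http://securelist.com/some-report/",
    "https://secure1ist.com/some-report/",
    "https://securelist.com.evil-example.net/login",
    "https://sécurelist.com/",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        verdict = check_url(sample)
        print(sample, "->", "; ".join(verdict) if verdict else "no findings")
```

The checks are deliberately cheap and offline so they can run on every link pasted into a chat or forum; they do not replace looking up registration data, which needs a WHOIS or RDAP query against the registrable domain the script extracts.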
