LightSpy, the spyware first seen in a 2020 watering hole attack against Apple iOS users, has reemerged with new capabilities.
According to reports, the new version ships with a set of 14 plugins that can extract sensitive data. The Chinese state-sponsored group APT41 is the suspected operator, as the group has previously used the DragonEgg and WyrmSpy spyware to target Android users.
Beyond the plugins, the new build also relies on a Core implant. Investigations show that the new LightSpy consists of this Core implant plus the 14 plugins, which together let the threat actors carry out the various stages of their attack chain.
The Core implant’s primary functions are collecting device fingerprints, establishing a secure connection to the C2 server, and receiving commands from it. The LightSpy Core supports 24 commands, including ones to update itself and its plugins.
The investigation also identified the 14 plugins on 20 active servers. These plugins can quietly exfiltrate sensitive information, including data from messaging apps, and capture screenshots.
The most intrusive of the 14 are the Location Module Plugin, the Sound Record Plugin, and the Bill Plugin. The first tracks the victim’s location by taking snapshots at set intervals; the second records from the microphone, including during incoming phone calls; and the third steals the user’s WeChat Pay payment history, such as the last bill ID, bill type, transaction ID, date, and payment processing status.
The campaign is run from several active servers spread across multiple regions. The confirmed areas targeted by these recent attacks are mainland China, Hong Kong, Taiwan, Singapore, and Russia.
This indicates that LightSpy remains active in the wild. Given the attackers’ tendency to use popular software and apps as distribution channels, users should avoid installing software from untrusted sources.
Users should stay vigilant and informed about these threats to counter the new LightSpy campaign and avoid losing their credentials, which could ultimately lead to financial loss.