The new SpyAgent campaign currently targets smartphone users in South Korea. This malware, identified by researchers last month, has already compromised over 200 devices, indicating a growing threat in the South Korean digital landscape.
Based on reports, the campaign operators distribute this novel malware strain through malicious Android and iOS applications, which they deliver through phishing sites. The initial contact with victims occurs through convincing SMS messages urging them to continue the conversation in the LINE messenger app.
Once the victim has been lured onto the platform, the attackers instruct them to open an application offered via the phishing link, presumably to start a harmless video call. However, following the link downloads the SpyAgent malware instead. This malware can discreetly harvest contact information and text messages and exfiltrate them to an attacker-controlled server.
One of the phishing sites distributing SpyAgent hosts a fake version of a communication app.
A fraudulent version of the Camtalk app for Android and Apple phones could spread the SpyAgent malware. Moreover, the attackers who developed these apps have created themed phishing sites to lure unsuspecting victims. Based on the discovery of 10 phishing sites, experts believe the campaign is ongoing, with the number of affected devices expected to increase.
This recent incident shows how cybercriminals use malicious apps as vectors for malware distribution. Furthermore, attackers have also leveraged a Windows news portal to propagate a malicious installer for the CPU-Z app, distributing the RedLine Stealer.
A recent analysis identified several malicious apps on the Google Play Store, spreading various malware strains, including FakeApp, Joker, and HiddenAds.
In response to the escalating threat landscape targeting mobile devices, Google has taken measures to strengthen its defences with an update to Google Play Protect. For their part, users should be more cautious by avoiding downloads from unknown sources or third-party app stores.
Smartphone users, especially in South Korea, should be more vigilant and critical of app permissions, since most of these campaigns request privileges unrelated to the app's intended purpose. Users should stay informed and adopt best practices to prevent or mitigate the chances of infection.
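As an added illustration (not code from the original report), the following script performs the permission check the advice above calls for: it parses the `requested permissions:` section of `adb shell dumpsys package <pkg>` output and flags contact and SMS permissions, the data SpyAgent is described as harvesting, on an app that claims to be a video-call client. The sample output, the package name and the baseline permission set for a video-call app are constructed assumptions.

```python
from typing import Dict, List, Set

# Assumed baseline: permissions a legitimate video-call app plausibly needs.
EXPECTED_FOR_VIDEO_CALL: Set[str] = {
    "android.permission.INTERNET",
    "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO",
    "android.permission.MODIFY_AUDIO_SETTINGS",
    "android.permission.ACCESS_NETWORK_STATE",
}

# Permissions that grant access to the data SpyAgent is reported to harvest.
HARVEST_INDICATORS: Set[str] = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_PHONE_NUMBERS",
}

# Constructed sample of `adb shell dumpsys package` output (package name is fictitious).
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.fakecam] (1a2b3c):
    userId=10123
    requested permissions:
      android.permission.INTERNET
      android.permission.CAMERA
      android.permission.RECORD_AUDIO
      android.permission.READ_CONTACTS
      android.permission.READ_SMS
      android.permission.RECEIVE_SMS
    install permissions:
      android.permission.INTERNET: granted=true
"""


def parse_requested_permissions(dumpsys_text: str) -> List[str]:
    """Return the permission names listed under 'requested permissions:'."""
    perms: List[str] = []
    in_block = False
    for line in dumpsys_text.splitlines():
        stripped = line.strip()
        if stripped == "requested permissions:":
            in_block = True
            continue
        if in_block:
            if not stripped or stripped.endswith(":"):  # next section header
                break
            perms.append(stripped.split(":")[0])  # drop flags like ': restricted=true'
    return perms


def triage(perms: List[str], expected: Set[str] = EXPECTED_FOR_VIDEO_CALL) -> Dict[str, object]:
    """Flag permissions unrelated to the claimed purpose and those enabling data harvesting."""
    unexpected = sorted(set(perms) - expected)
    harvest = sorted(set(perms) & HARVEST_INDICATORS)
    verdict = "suspicious" if harvest else ("review" if unexpected else "consistent")
    return {"unexpected": unexpected, "harvest_capable": harvest, "verdict": verdict}


def triage_sample() -> Dict[str, object]:
    return triage(parse_requested_permissions(SAMPLE_DUMPSYS))


if __name__ == "__main__":
    print(triage_sample())
```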
