Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Application Security

South Korean Users Targeted with Android Spyware ‘PhoneSpy’

More than 1,000 mobile phone users in South Korea have been targeted with a powerful piece of Android spyware as part of an ongoing campaign, according to a new report from Zimperium zLabs.

Dubbed PhoneSpy, the malware was designed with extensive spyware capabilities inside, such including data theft, audio and video capture, and location monitoring.

More than 1,000 mobile phone users in South Korea have been targeted with a powerful piece of Android spyware as part of an ongoing campaign, according to a new report from Zimperium zLabs.

Dubbed PhoneSpy, the malware was designed with extensive spyware capabilities inside, such including data theft, audio and video capture, and location monitoring.

The malware was not found in any Android application stores, a suggestion that the attackers are employing different distribution methods, such as social engineering and web redirects. A total of 23 applications used in this campaign were identified to date, according to a report from Zimperium.

The threat masquerades as various lifestyle applications that allow users to watch TV or videos, or browse photos, but in reality it steals as much data from the infected devices as possible, including calls, messages, photos, and other types of data.

[ READ: Sophisticated APT Group Burned 11 Zero-Days in Mass Spying Operation ]

It also allows an attacker to remotely control the compromised devices, providing them with access to the camera and microphone to take pictures and record audio and video, as well as to the GPS, to get the device’s precise location.

In addition to grabbing calls, contact information, and messages from the infected devices, PhoneSpy can send SMS messages with attacker-controlled content. It can also display a fake login page for the Kakao Talk messaging app to steal users’ credentials.

“While the victims have been limited to South Korea, PhoneSpy is an example of how malicious applications can disguise their true intent. When installed on victims’ devices, they leave personal and corporate data at risk,” Zimperium said.

Advertisement. Scroll to continue reading.

Related: Amnesty Links Indian Cybersecurity Firm to Spyware Attack on African Activist

Related: Google: Sophisticated APT Group Burned 11 Zero-Days in Mass Spying Operation

Related: Apple Points to Android Malware Infections in Argument Against Sideloading on iOS

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how the LOtL threat landscape has evolved, why traditional endpoint hardening methods fall short, and how adaptive, user-aware approaches can reduce risk.

Watch Now

Join the summit to explore critical threats to public cloud infrastructure, APIs, and identity systems through discussions, case studies, and insights into emerging technologies like AI and LLMs.

Register

People on the Move

Checkmarx has appointed Scott Gainey as Chief Marketing Officer.

Jason Hogg has been named Executive Chairman of CYPFER.

HUB Cyber Security has appointed former PayPal and American Express executive Paul Parisi as its Global Chief Revenue Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.