LianSpy can also turn off Android’s Privacy Indicator, a feature that lets you know when your camera or microphone is in use.
Every month, Google releases security patches for Android that help block several malwares and spywares before they can damage your phone or tabletBut a new report by Kaspersky, the security firm that was recently banned in the United States recently discovered a spyware dubbed “LianSpy” that steals all your files, takes screenshots of what you are doing and even harvests call logs.
Unlike most malwares that get detected in a couple of months, stealth techniques used by LianSpy have been so advanced that it remained undetected for over three years. According to Kaspersky, the malware poses itself as the Alipay app or a system service to evade detection.
Kaspersky says “LianSpy uses su binary with modified name to gain root access”, which means that the malware may be using an unknown exploit or requires physical access to the device. With Android 12, Google also introduced a new privacy indicator that shows when an app is using your camera or microphone, but LianSpy can easily evade that by adding a “cast” value so that the cast notifications are blocked, meaning you won’t see any indicator when the spyware is using your camera or microphone.
When LianSpy is installed on an Android device, it asks users for permissions like screen overlay, contacts, notifications, call logs and the ability to run the app in the background. If it is installed as a system service, it automatically grants itself the required permissions.
Some apps that are captured by LianSpy include WhatsApp, Telegram, Chrome, Facebook, Instagram, Gmail, Skype, Snapchat and Discord. While Kaspersky suggests that the spyware is currently targeting Russian users, the hardcoded phrases are present in English as well, which means the actors behind the spyware might target users in other regions as well.
Source Credit: https://indianexpress.com/