C-23

New Variants of Android Spyware Linked to APT C-23 Enhanced for Stealth and Persistence, Sophos Research Reveals

Retrieved on: Tuesday, November 23, 2021

Key Points: 
  • The spyware presents itself as an update app with a generic icon and name, such as App Updates.
  • Sophos researchers believe the attackers distribute the spyware app by sending a download link in the form of a text message to the target's phone.
  • The first time a target runs the spyware app, it asks for permissions to control various aspects of the phone.
  • The attackers use social engineering techniques to convince the target these permissions are essential for the app to function.