Revealed: a dangerous malware campaign called PhantomLance has apparently been lurking in Google’s official Play Store marketplace. Dozens of malicious apps infected with the malware are being distributed via the Play Store and alternative app stores such as APKpure and APKCombo, targeting users to spy on their habits and steal data. According to Kaspersky, this malware campaign has been live for over 4 years and is likely the work of the OceanLotus advanced persistent threat (APT) group, thought to be based out of Vietnam. First discovered by researchers at BlackBerry in October 2019, the malware mainly targets users in Vietnam, Bangladesh, Indonesia, and India. It collects information such as location data, call logs and contacts, and can even monitor SMS activity and read the phone’s OS version, model and list of installed applications. The campaign was discovered after Kaspersky came across a Dr.Web report from 2019 concerning a Play Store app that came with a backdoor allowing a Trojan to install malware and exfiltrate data from the device.
Kaspersky found traits of the malware in multiple applications distributed via the Play Store. These apps are said to come with a high level of encryption and to be more complex than most other malware used to steal data. According to the report, “the threat actor was able to download and execute various malicious payloads, and thus adapt the payload that would be suitable to the specific device environment, such as the Android version and installed apps. This way, the actor was able to avoid overloading the application with unnecessary features and at the same time gather the desired information.” The hackers would first upload a clean copy of an application to the Play Store and other app repositories. Once the application was approved, the follow-up versions contained malicious payloads or the code needed to install apps in the background on the compromised device.