Home Malware Programs Spyware Android/Spy23C.A


Posted: October 1, 2020

Android/Spy23C.A is in-house spyware that's specific to the APT-C-23 hacking group. These attackers often target victims in Middle Eastern nations and use custom programs like Android/Spy23C.A for exfiltrating information, such as passwords. Users should avoid disreputable download sources for Android applications and remove Android/Spy23C.A infections with trustworthy security solutions.

Spies Getting Extra Stealth Upgrades

The 'Get Smart' show of the sixties had writing that guessed at the advanced espionage technology, with much to-do over characters' episodic upgrades. Appropriately enough, the threat landscape for spyware, even in 2020, resembles this process with all its dramatic reveals. Even highly-professional groups like APT-C-23 see the need to make massive updates to their spyware, such as this article's Android/Spy23C.A.

Android/Spy23C.A is Android-focused spyware that shows that this group (also known by colorful names like Two-Tailed Scorpion) continues targeting such devices alongside Windows PCs. The earlier versions of Android/Spy23C.A installed themselves with the help of a fake, non-functional messaging application. Updates to the installation exploits include bundling the spyware with fully-working applications from custom-made storefront domains, making it even more likely that victims will overlook any data theft.

Android/Spy23C.A's original features include attacks like SMS messaging, exfiltrating contact lists, and accessing the camera and audio-recording functions. The newer releases have even more functions: screen-grabbing, recording WhatsApp messages and monitoring notifications. The programmers also bolster its C&C communication method for dynamic domains, give it the ability to block notifications for itself or security programs, and provide a blank screen overlay that could let Android/Spy23C.A hide its visible features from users.

Giving a Guarded Response to a Well-Hidden Observer

APT-C-23's involvement in campaigns throughout the world counterpoints its particular interest in victims residing in nations like Israel and Palestine. Although the group has many tools besides Android/Spy23C.A, including KASERAGENT, MICROPSIA, VAMP, and Gnatspy, users can anticipate their attacks and known strategies. Most infection vectors related to APT-C-23 will use social engineering to a high degree, including designing custom websites, e-mails, and applications that bundle their backdoor Trojans and spyware.

The last known drive-by-downloads concerning Android/Spy23C.A also use 'coupon codes' for restricting download access. Users can keep their devices safe by avoiding installing applications from third-party sites like the 'DigitalApps' storefront of APT-C-23. Although official application stores like Google's storefront are far from perfect, their curation offers significant protection for users, even from years-seasoned spying entities like this group.

Compatible anti-malware tools for Android devices remain recommended by malware analysts for removing Android/Spy23C.A and other high-level threats, despite this program's increasing obfuscation in some areas, such as its C&C domain contacts.

Android/Spy23C.A is nothing less than one would expect from long-term cyber-spies like Two-Tailed Scorpion. However, it has far more than a pair of stings in its payload, as anyone with a phone who brushes by it will discover quite quickly.