
FakeSpy

Posted: July 2, 2020

FakeSpy is spyware for Android devices that collects multiple data types, including contacts, account credentials and financial information. FakeSpy usually infects victims through SMS messages and may disguise itself as a safe download such as a postal service application. Compatible anti-malware programs should safely delete FakeSpy, although users also should change passwords and take other precautions for re-securing their accounts.

This Threat isn't as Much of a Fake as It Sounds

With its activities against victims under analysis since 2017, FakeSpy is a long-lived threat that further expresses the spyware specialty of its China-based threat actor, Roaming Mantis. Although its earliest deployments denote a local geographical interest in neighboring countries, FakeSpy now spreads throughout the world. Besides collecting information, it also gives Android users reasons for being careful about their downloads.

The Android-specific FakeSpy uses a very appropriate propagation method for that environment: SMS messages. Messages may disguise FakeSpy's installer, hosted on a corrupted website, as software related to package tracking or other legitimate file types. However, FakeSpy also spreads through other methods, such as by attempting to infect any devices in the user's contact lists.

Few threats could maintain their potential as credible data thieves without regular updates, which FakeSpy shows in ample supply. New builds of FakeSpy use a different means of cloaking their Command & Control communications, and updated encryption. More generally, the spyware also can collect financial data and account credentials like passwords.

Don't Fall for Phone Fakery in Files

Whether on a computer, a phone, or any other internet-capable device, clicking links without vetting their safety, especially in e-mail messages, is a swift means of exposing oneself to a threat. Users should examine Web addresses for potential signs of misleading domains or other issues, and navigate to sites manually whenever it's practical. Attacks by Roaming Mantis and other threat actors will routinely employ deceptive practices like cloning legitimate websites, obfuscating URLs, and in rarer cases, even hijacking download attempts or breaching Web supply chains.

Despite the name, FakeSpy is fully-functional spyware and can exfiltrate data from compromised Android phones without showing overt signs for the devices' owners. Users should disable network connections while dealing with infections as part of limiting the further theft of data. They also should change passwords and account credentials such as security questions.

Updates to threat databases are valuable for identifying regularly-modified and patchable threats like FakeSpy. Android anti-malware programs should delete FakeSpy and block websites associated with Roaming Mantis, but users should leave as little to chance as possible.

With FakeSpy finding itself in more countries than ever before, 2020 isn't the time to relax one's phone security standards. Whether on the Internet or elsewhere, spies are always waiting for an opportunity that lets them grab the intelligence they need.
