
GnatSpy

Posted: July 10, 2019

GnatSpy is an updated version of VAMP, the Android phone-based spyware. GnatSpy boasts various improvements to its system-examining and stealth features but retains the same purpose: giving the threat actor access to the victim's information. Phone users should remain careful about any interactions with possible phishing e-mails and dubious website-based content, and should depend on appropriate anti-malware protection for finding and deleting GnatSpy.

The Changes in a Vampire-to-Gnat Evolution

Private spyware rarely changes as much as VAMP has, and its history of abuse in the hands of the 'Two-tailed Scorpion' hackers makes for an interesting footnote in the history of cyber-espionage. Its successor, GnatSpy, keeps the essential motive and the data-monitoring and transfer technology of its ancestor, but adds many improvements. Unfortunately for any victim of its attacks, many of these additions are anti-AV measures.

GnatSpy is an Android phone-based threat, just like VAMP or SECUREUPDATE from the same threat actor. Its payload's arsenal consists of attacks such as collecting contacts and messaging history, as well as recording audio calls. Substantial changes to GnatSpy's code, however, imply that a different programmer is responsible for this build of VAMP, which displays superior coding practices. Also unusually, GnatSpy includes at least one omission from its ancestor's payload: it doesn't check the victim's device location via OpenCellID.

GnatSpy has better receiver and service support than its predecessor, uses Java-based reflection and annotations to evade AV vendors' heuristics, and includes a well-camouflaged C&C contact method that goes to great lengths to hide the server's Web address. Along with these stealth considerations, malware experts also note that GnatSpy expands the collected data to include more system information, such as battery status, and improves support for more recent Android releases like Marshmallow.

Swatting a GnatSpy Before It Lands on Your Info

Many of the extra elements and changes in GnatSpy, compared to VAMP, make little to no difference to the victims' essential loss of information. However, GnatSpy is an example of both the rigorous maintenance process that state-sponsored Trojans undergo and the danger of assuming that a threat, once identifiable, will remain so indefinitely. Users should keep security solutions and software up to date to lower the risk of GnatSpy evading detection.

GnatSpy installations may use multiple infection vectors. Two-Tailed Scorpion, AKA APT-C-23, uses a combination of unsafe applications, websites and phishing e-mail tactics to compromise its targets. Scanning downloads, disabling hazardous features like JavaScript, and learning the standard signs of phishing attacks will offer significant protection for all users. Geographically, the Middle East and North America are regions of particular interest to this threat actor.

In theory, most up-to-date anti-malware products should retain their capacity for uninstalling GnatSpy or identifying an installation exploit, and they are recommended for any disinfection.

GnatSpy buzzes quietly by the ears of those who may not be listening to the sound of a compromised phone as carefully as they should be doing. It is, unfortunately, more than a minor pest, and offers enormous data-collecting capabilities to the criminals manning its servers.
