
LightSpy

Posted: March 27, 2020

LightSpy is a newly discovered spyware implant that affects iOS versions from 12.01 to 12.2. In addition, the implant may also work on the previous-generation 11.03 iOS version. iOS-compatible malware is a relatively rare sight, and LightSpy appears to be a piece of software developed by highly skilled cybercriminals. Experts who identified the LightSpy payload and analyzed its infrastructure have determined that this threat likely originates from China. Still, its development cannot be attributed to a specific APT group operating from the region, although experts suspect that it might be linked to Spring Dragon, also known as Lotus Blossom.

The LightSpy Spyware Kit is Used against Hong Kong Activists

The scope of the LightSpy campaign appears to be very limited: the attackers use propagation techniques that target Hong Kong protesters exclusively, another indication that the threat is likely operated by a China-based cybercrime group.

The attackers use a wide range of techniques to reach their intended demographic:

  • Direct messaging via email and various social media networks.
  • Phishing emails.
  • Fake messages on online forum boards.
  • Posts on Instagram and various Telegram channels.

The perpetrators host the corrupted payload and exploit kit on custom-made Web pages served from various domains such as Appledaily.googlephoto.vip, facebooktoday.cc, news2.hkrevolution.club, googlephoto.vip, and others. The first domain on the list, Appledaily.googlephoto.vip, hosts a fake page designed to look like the website of 'Apple Daily,' a newspaper popular in Hong Kong.

LightSpy Provides its Operators with Access to WeChat, QQ and Text Messages History

If the payload is planted successfully, the infected device connects to one of the pre-defined control servers and waits for commands to execute. The LightSpy implant supports a wide range of commands that enable its operator to exfiltrate all kinds of sensitive information from iOS devices:

  • Execute remote commands.
  • Extract text messages, call history, and contacts.
  • Manage text messages.
  • Obtain information about WeChat accounts, contacts, messages, groups and shared files.
  • Use the GPS to obtain location information.
  • Upload files to the infected device.
  • Download files from the infected device to the control server.
  • Obtain information about QQ accounts, contacts, messages, groups and shared files.
  • Extract WiFi connection history, as well as information about WiFi networks available nearby.
  • Receive a list of installed apps and running processes.

LightSpy is not the first piece of malware to be used against the Hong Kong protesters, but it is the first one to target iOS devices exclusively.
