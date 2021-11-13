This spyware campaign has already infected thousands of people in South Korea, and promises to spread to other countries around the world.

Most hackers turn to the Android ecosystem because it is somewhat more open than iOS, to distribute different malicious applications that have the aim of taking control of the victim’s mobile phone to steal bank credentials or to extract personal information that you can use in the future for as many campaigns.

And now the security firm Zimperium just discovered a collection of spyware applications, which they have dubbed PhoneSpy, and that they are posing as other useful tools.

And it is that PhoneSpy disguises itself as a standard mobile application that aims to transmit movies, help users learn yoga or search for photo collections, among many other tools, but in reality what it does is stealing documents, photos, videos and even the phone’s user credentials.

PhoneSpy is a very dangerous spyware campaign, because after infecting the terminal it will transmit precise GPS location data, share your photos and messages, share the list of contacts and documents downloaded and that could be used in the future for blackmail or espionage.

Zimperium lists everything that PhoneSpy spyware can do on your phone if it gets infected:

Complete list of installed applications

Steal credentials by phishing

Steal images

GPS location monitoring

Steal SMS messages

Steal call logs

Record audio in real time

Steal phone contacts

Record video in real time using front and rear cameras

Access the camera to take photos with the front and rear cameras

Send SMS to an attacker-controlled phone number with attacker-controlled text

Extract device information (IMEI, brand, device name, Android version)

Hide your presence by hiding the device drawer / menu icon

As you can see, you have to take it very seriously and not fall for this campaign that right now has been born in South Korea under 23 applications that apparently have already been withdrawn, but that have been installed thousands of times by the citizens of that country.

While they are spyware apps Aimed at the South Korean public and that are translated only into Korean, they must be paid attention, because it is likely that they will end up expanding to other countries in the world under other types of applications or translations.

Basically what you should do is avoid installing applications that are not known, even ignoring many of the reviews since some are usually paid or false.