Users of WeChat, a messaging application developed in China and active since 2007, were targeted by malware.
The malware in question has been named LightSpy and is classed as an mAPT (Mobile Advanced Persistent Threat), capable of using sophisticated techniques to attack its victims.
According to reports from Cyber Security News, the malware in question works by using the app's payment systems to access sensitive user data, from credit cards to private communications.
LightSpy is, in all respects, a real "modular surveillance toolset", with several plugins (14 in total) that can be combined depending on the hacker's intentions. It must be said that the cybercriminals' main target is WeChat Pay, the system users rely on to manage payments.
According to experts, the group behind this campaign is APT41, one of the most prolific and feared hacker collectives in the world.
LightSpy targets WeChat with 14 plugins that make it even more fearsome
Among the most worrying plugins, according to security researchers, is the one that allows victims to be located and tracked. It is able to monitor the movements of the device on which WeChat is installed, taking location readings at specified time intervals.
This plugin is based on two location detection frameworks, namely Tencent Location SDK and Baidu Location SDK.
Another important component is the Soundrecord plugin, which is responsible for recording audio. This plugin can start recording from the microphone at the cybercriminals' convenience or at specified intervals, and can even record incoming phone calls.
Although the affected messaging app is not very popular in the West, the modus operandi adopted by cybercriminals with LightSpy is quite worrying. Its modular nature, in fact, makes it difficult to identify and deal with.
To avoid problems, as usual, the advice is to rely only on official stores for downloading apps. Additionally, adopting an antivirus for mobile devices can help further reduce risks.