
New Android Spyware Campaign Targets South Koreans via AWS

· Published 01/10/2024 19:25 · Modified 01/10/2024 20:20


Essential information

Tags
2024-10-01 android aws cloud security data exfiltration mobile malware south korea spyware stealth techniques
Related entities
5 vulnerabilities (cve), 7 observables, 5 techniques (mitre), 1 others

Description

A sophisticated campaign targeting South Koreans has been uncovered by Cyble Research and Intelligence Labs. Active since June 2024, the malware exploits an Amazon S3 bucket as its Command and Control server to exfiltrate sensitive personal data including SMS messages, contacts, images, and videos. The spyware, which has evaded detection by major antivirus solutions, mimics legitimate applications and operates with minimal permissions. Upon installation, it collects data and stores it in JSON files before transmitting it to the C&C server. The campaign highlights a growing trend of attackers using trusted cloud services to host malicious infrastructure, making detection more challenging.

External references