Kaspersky accused the APT32 hacker group of using the Google Play Store to spread spyware for years
Kaspersky security researchers recently discovered a malicious campaign called PhantomLance that targets Android device users. Its payloads are spyware embedded in applications distributed across various platforms, including the Google Play Store and alternative Android app stores such as APKpure and APKCombo.
According to Kaspersky, PhantomLance shares many features with previously discovered attacks on Windows and macOS attributed to OceanLotus (also known as APT32; more about this hacker group can be found on Wikipedia). On that basis, Kaspersky believes OceanLotus is also the organization behind the PhantomLance campaign.
"The campaign has been in operation since at least 2015 and is ongoing, including multiple versions of complex spyware designed to collect victim data. Along with that is a smart distribution strategy, through dozens of applications on Google Play and other Android application download platforms," the Kaspersky team said.
Focus on collecting and stealing information
Kaspersky was able to detect the PhantomLance campaign thanks to Doctor Web's report of a new backdoor trojan found on the Play Store. The trojan was relatively sophisticated and designed to steal login and financial information from Android users, mainly in Southeast Asia, excluding Vietnam. The data collected includes geographic location, call logs, contacts, text messages, the list of installed applications and the victim's device information.

Beyond that, the attackers can download and execute various malicious payloads, so they can adjust the payload to suit the specific environment on the device, such as the Android version and installed applications. "In this way, they can keep the malicious application from being overloaded by unnecessary features, and accurately collect the desired data."
Distributed via multiple Android application download platforms
Kaspersky released a list of Android applications that contained PhantomLance malware samples and were later removed from the Play Store by Google in November 2019.
Besides the Play Store, PhantomLance is also distributed on a variety of other major Android app download platforms, such as https://apkcombo[.]com, https://apk[.]support/, https://apkpure[.]com, https://apkpourandroid[.]com, and some other platforms.
To avoid being detected and blocked by these platforms, the attackers first upload clean versions of an application that do not contain any malicious payload. In later updates of the application, the malicious payload is added and delivered to the victim's device.
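One way an analyst or store reviewer could spot the clean-first, malicious-later update pattern described above is to diff what each version of an app declares. This is an added example, not code from Kaspersky or the original article; the manifests, package name and function names are constructed, and the mapping from standard Android permissions to the data types listed earlier is an assumption made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: Android permissions that gate the data types the article lists.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "geographic location",
    "android.permission.READ_CALL_LOG": "call logs",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "text messages",
    "android.permission.QUERY_ALL_PACKAGES": "list of installed applications",
}

def declared_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for el in root.iter():
        if el.tag in ("uses-permission", "uses-permission-sdk-23"):
            name = el.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def review_update(old_xml, new_xml):
    """Diff two versions: permissions the update adds, and which of them are sensitive."""
    added = declared_permissions(new_xml) - declared_permissions(old_xml)
    flagged = {p: SENSITIVE[p] for p in added if p in SENSITIVE}
    return {"added": sorted(added), "flagged": flagged}

# Constructed sample manifests (not taken from any real application).
V1 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fontpack" android:versionCode="1">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

V2 = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fontpack" android:versionCode="2">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
</manifest>"""

if __name__ == "__main__":
    report = review_update(V1, V2)
    for perm in report["added"]:
        note = report["flagged"].get(perm)
        print(perm, "-> SENSITIVE: " + note if note else "-> ok")
```

A manifest diff only sees what an update declares; payloads that are downloaded and executed after installation, as the article describes, need dynamic analysis of the running app as well.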
"PhantomLance has been going on for more than 5 years and the threat agents have been very successful in trying to bypass the app store's advanced security filters many times with advanced techniques."
Currently, APT32 and the PhantomLance campaign are still being closely monitored by Kaspersky.