
Cybersecurity experts have identified a new iteration of the LightSpy malware, which now includes an expanded array of data collection capabilities targeting social media platforms such as Facebook and Instagram. Originally documented in 2020, LightSpy is modular spyware designed to infiltrate both Windows and Apple systems to extract sensitive information.
Enhanced Data Collection Features
The updated LightSpy spyware can now gather a wide range of data, including Wi-Fi network details, screenshots, location data, iCloud Keychain, sound recordings, photos, browser history, contacts, call history, SMS messages, and information from various applications such as Files, LINE, Mail Master, Telegram, Tencent QQ, WeChat, and WhatsApp.
Increased Plugin Support
In a recent update, the number of supported plugins increased from 12 to 28, and the set now incorporates destructive capabilities that can prevent compromised devices from booting. This expansion highlights the malware's adaptability and its potential overlap with the Android malware known as DragonEgg.
- Cross-Platform Threat: LightSpy now supports over 100 commands across Android, iOS, Windows, macOS, routers, and Linux.
- Operational Control: The malware's new command list emphasizes broader operational control, including transmission management and plugin version tracking.
Targeting Social Media and System Surveillance
The latest analysis reveals that LightSpy can now extract data from Facebook and Instagram application database files on Android devices. Interestingly, iOS plugins related to destructive actions have been removed, indicating a shift in strategy.
Windows-Specific Enhancements
Fifteen new Windows-specific plugins have been discovered, focusing on system surveillance and data collection. These plugins are primarily designed for keylogging, audio recording, and USB interaction.
- Remote Control Capabilities: An endpoint in the admin panel allows logged-in users to remotely control infected mobile devices.
- Expanded Surveillance: The ability to extract private messages and account metadata from social platforms increases the malware's surveillance capabilities.
Emerging Threats: SpyLend and FinStealer
In addition to LightSpy, a new Android malware named SpyLend has been identified. Disguised as a financial app called Finance Simplified, it targets Indian users with predatory lending practices and extortion.
SpyLend's Deceptive Tactics
SpyLend leverages location-based targeting to display unauthorized loan apps within WebView, bypassing Google Play Store scrutiny. Once installed, these apps harvest sensitive user data and employ blackmail tactics.
- Targeted Campaign: The app specifically targets Indian users, while users outside India receive a harmless version.
- Extensive Permissions: The fraudulent app gains access to files, contacts, call logs, SMS, clipboard content, and even the camera.