Zimperium Detects New Android Spyware Targeting South Korea
September 2024 by Nico Chiaraviglio, Chief Scientist - Zimperium
In the ever-evolving landscape of mobile security threats, a recent discovery has once again highlighted the critical importance of robust, on-device protection for Android users. Security researchers at Cyble have uncovered a new Android spyware campaign primarily targeting individuals in South Korea. This sophisticated malware, masquerading as legitimate applications, poses a significant threat to user privacy and data security.
The malware employs a range of invasive capabilities, including the ability to access and exfiltrate sensitive user data such as contact lists, images, videos, and SMS messages. All of these capabilities are achieved with very simple source code and only a few key permissions. This allowed the campaign to avoid being detected by other major security vendors.
Zimperium’s Mobile Threat Defense (MTD) and its Mobile App Protection Suite (MAPS) have been designed to stay ahead of emerging threats. Our on-device, dynamic malware detection systems can accurately detect all samples reported in the Indicators of Compromise (IOCs) for this spyware campaign. Furthermore, this detection capability isn’t a recent addition – the classifiers deployed in production eight months ago were already able to identify these threats in a zero-day fashion. According to the original research, this campaign has been active since June 2024. This means that Zimperium customers were protected from the very beginning of the campaign.