New Android Spyware Campaign Targets South Koreans via AWS

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

A sophisticated Android spyware campaign targeting South Koreans has been uncovered by Cyble Research and Intelligence Labs. Active since June 2024, the malware exploits an Amazon AWS S3 bucket as its Command and Control server to exfiltrate sensitive personal data including SMS messages, contacts, images, and videos. The spyware, which has evaded detection by major antivirus solutions, mimics legitimate applications and operates with minimal permissions. Upon installation, it collects data and stores it in JSON files before transmitting it to the C&C server. The campaign highlights a growing trend of attackers using trusted cloud services to host malicious infrastructure, making detection more challenging.

OPENCTI LABELS:

data exfiltration, spyware, android, aws, mobile malware, south korea, cloud security, stealth techniques

