LightSpy

Malware & Tools · LightSpy

· MalwareS1185 · Zararlı Yazılım

Type

malware

Techniques

Used By

1 groups

Platforms

Android, Windows, iOS, macOS

Description

First observed in 2018, LightSpy is a modular malware family that initially targeted iOS devices in Southern Asia before expanding to Android and macOS platforms. It consists of a downloader, a main executable that manages network communications, and functionality-specific modules, typically implemented as `.dylib` files (iOS, macOS) or `.apk` files (Android). LightSpy can collect VoIP call recordings, SMS messages, and credential stores, which are then exfiltrated to a command and control (C2) server.(Citation: MelikovBlackBerry LightSpy 2024)

Tactic Coverage

discovery (6)stealth (3)command and control (2)collection (2)exfiltration (1)execution (1)credential access (1)

Used By (1 groups)

G0096APT41Wicked Panda, Brass Typhoon

Techniques (16)

T1027.001Binary Padding

stealth

T1027.013Encrypted/Encoded File

stealth

T1041Exfiltration Over C2 Channel

exfiltration

T1046Network Service Discovery

discovery

T1057Process Discovery

discovery

T1071.001Web Protocols

command and control

T1082System Information Discovery

References

https://attack.mitre.org/software/S1185 https://blogs.blackberry.com/en/2024/04/lightspy-returns-renewed-espionage-campaign-targets-southern-asia-possibly-india