Jump directly to the content

CYBERSECURITY experts have uncovered a mobile spyware application targeting Android smartphones.

The malware hides itself on the home screen and operates stealthily in the background, managing to "steal" confidential data and monitor user activity.

LianSpy is the latest mobile spyware to be discovered that targets Android smartphones, recording user activity and screens, accessing call logs, and more
2
LianSpy is the latest mobile spyware to be discovered that targets Android smartphones, recording user activity and screens, accessing call logs, and moreCredit: Getty

The rise of smartphones has also led to a rise in hackers, who, in turn, create apps designed to steal sensitive data and spy on a user's day-to-day activity.

Spyware tends to be selective about its victims, typically targeting members in a single company or a certain area.

The latest mobile spyware discovery, dubbed LianSpy, targets Android smartphones in Russia.

However, its unorthodox approaches to tracking user data can be applied in other regions as well, meaning all Android users should potentially take note.

LianSpy was discovered in March 2024, though it has been active for far longer, operating in the shadows for at least three years.

Unlike other spyware, LianSpy requires users to take some action in order to fully launch and integrate itself in a user's phone.

Upon launching, the malware will run a check to see if has the necessary "permissions" to use overlays, read contacts, and access call logs.

If it doesn't, the spyware will "request" permission from the user, disguising itself as a system applications and financial services app to do so.

Despite its "disguise," LianSpy isn't interested in a user's banking data.

Instead, it monitors a user's activity while they use their Android device, intercepting call logs, sending installed applications to its own servers, and recording a user's screen.

Hidden Google button instantly exposes dangerous apps secretly ruining your Android – steps to follow after finding one

LianSpy hides itself on a user's home screen and manages to stealthily operate in the background using root privileges.

Also known as root access or superuser permissions, root privileges give Android users the "highest" level of access to their device.

This allows users to bypass manufacturer restrictions and:

  • Replace or modify a device's operating system
  • Install any apps, including specialized apps or apps not typically available on Android devices
  • Customize the device, e.g. changing the home screen or using ad blockers

Malicious Apps on the Official Android Store

Google Play is home to more than three million unique apps, many with regular, recurring updates.

Even Google doesn't have the necessary resources, time, and energy to monitor each app thoroughly.

That means some malicious apps have found their way to the Google Play store, disguising themselves as legitimate apps and games.

In 2023, malicious apps located in the Google Play store were downloaded over 600 million times.

Here are some of the biggest culprits:

  • Mini-Game Ads and Data Harvesting – 451 million downloads, 101 apps impacted, including a SpinOk code library
  • Data Harvesting and Click Fraud – 100 million downloads, 60 apps were found infected with Goldoson, showed ads by opening web pages within the app, collected user data, and tracked activity
  • Minecraft Clones – 35 million downloads, found in 38 Minecraft "clones," or apps designed to look like Minecraft; apps contained adware called HiddenAds
  • Scam Apps, Cash Rewards – 20 million downloads, found in apps like health trackers, which promised users cash rewards for walking and other activities, like Lucky Habit, Lucky Step-Walking Tracker, and Walking.Joy
  • Background Adware – 2.5 million downloads, found in apps like Music Downloader, News, Calendar, and TV/DMB Player
  • Chinese Spyware – 1.5 million downloads, found in apps like File Manager and File Recovery & Data Recovery
  • Fleckpe Subscription Trojan – 600,000 downloads, found in apps like GIF Camera Editor Pro, Photo Effect Editor, and Beauty Slimming Photo Editor

By using root privileges, LianSpy can bypass Android status bar notifications, which are used to alert users when their phone is actively using its microphone or camera to record.

LianSpy is a Trojan malware, which makes it especially difficult to find.

Also known as a Trojan Horse virus, LianSpy was likely delivered on select Android devices via "legitimate" files or apps, like a software update, email attachment, or a scam app.

Spyware isn't going away anytime soon, with hackers only growing more sophisticated as technology develops.

However, there are a few key steps users – especially Android smartphone owners – can take to help guard against spyware surveillance.

Downloading apps only from official stores and catalogs is a good start, but spyware does manage to infiltrate even those.

A good rule of thumb is to only download apps you need, and ensure that you're downloading applications from a trusted source, like a legitimate company or brand.

Android users should also only use well-known apps from trusted developers, and avoid "alternative" clients for messaging, like WhatsApp or Signal.

SIGNS YOUR ANDROID PHONE IS INFECTED

Here's Google's official list of signs that you might have malware on your Android phone...

You may have malware on your device if:

  • Google signed you out of your Google Account to help protect you from malware on your device.
  • You notice suspicious signs on your device, like pop-up ads that won’t go away.

Device symptoms

  • Alerts about a virus or an infected device
  • Anti-virus software you use no longer works or runs
  • A significant decrease in your device’s operating speed
  • A significant, unexpected decrease in storage space on your device
  • Your device stops working properly or working altogether

Browser symptoms

  • Alerts about a virus or an infected device
  • Pop-up ads and new tabs that won't go away
  • Unwanted Chrome extensions or toolbars keep coming back
  • Your browsing seems out of your control, and redirects to unfamiliar pages or ads
  • Your Chrome homepage or search engine keeps changing without your permission

Other symptoms

  • Your contacts have received emails or social media messages from you, but you didn’t send the emails or messages.

Conducting a spyware "sweep" from time to time can also be beneficial.

Giving a thorough look through your existing applications, permissions, and system preferences can help detect unwanted or unnecessary applications and permissions, allowing users a chance to update or delete those as needed.

Users with Android devices should also update their operating systems regularly, as malware can't always adapt to new security features and bug fixes.

Using spyware detection tools can occasionally be helpful, though some spyware can manage to avoid detection.

READ MORE SUN STORIES

Spyware, malware, trojans, and other viruses can't be eliminated altogether, but there are steps any Android smartphone user can take to help prevent attacks and monitor their own phone's security.

Even taking a few minutes on a few additional precautions can help keep Androids, user date, and user activity safe and secure.

Cybersecurity experts are warning Android users to be on the lookout for malware, trojans, and other viruses that may disguise themselves or "hide" on Android devices
2
Cybersecurity experts are warning Android users to be on the lookout for malware, trojans, and other viruses that may disguise themselves or "hide" on Android devicesCredit: Getty
Topics