Protect Yourself from New LunaSpy Spyware Targeting Android Users

Android users are currently facing an alarming cybersecurity threat known as LunaSpy. This extensive spyware campaign, reported by Kaspersky, has been active since at least February 2023. With over 150 domains and IP addresses functioning as command-and-control centers, LunaSpy poses a significant risk to users. In this article, we will explore the nature of LunaSpy and discuss essential measures to safeguard your device.

Understanding LunaSpy

LunaSpy is a sophisticated spyware targeting Android devices, masquerading as antivirus or bank security applications. Upon installation, it initiates a scan of your device, generating bogus “threats found” alerts to manipulate users into granting critical permissions needed to eliminate these fictitious threats. Once elevated permissions are granted, the spyware can perform various intrusive actions, including:

Recording audio and video
Accessing SMS and call logs
Extracting passwords from browsers and apps
Stealing photographs from the gallery

This spyware primarily spreads through messenger applications that distribute the malicious APK files for installation. The absence of a targeted demographic and the extensive network of over 150 command-and-control domains indicate a widespread threat, making it crucial to implement the protective measures detailed below.

Exercise Caution with APK Links in Messaging Apps

Downloading applications via APK files inherently carries risks, particularly when the links are sent through random messaging. Cybercriminals exploit social engineering tactics to enhance trust before distributing the malicious APK. This can occur under various pretexts, such as business propositions or device security enhancements.

Moreover, attackers may hijack the accounts of friends and family to disseminate the spyware, leveraging the natural trust established in personal relationships. Group chats can also serve as breeding grounds for these scams, with users unknowingly sharing links to LunaSpy disguised as premium antivirus software.

It’s essential to remain skeptical of any APK download links received in messaging apps, regardless of the sender’s identity. If in doubt, it is best to avoid opening such links altogether.

Disable “Install Unknown Apps”Permissions

To install an APK file, devices require permission to “Install unknown apps.”When activated, this permission can facilitate the installation of malicious software with minimal resistance. To prevent LunaSpy from infiltrating your device, it’s critical to verify that no apps possess this permission.

Navigate to your phone’s settings by selecting Privacy protection → Special permissions → Install unknown apps. Ensure that no applications are marked as Allowed in this section.

Install Unknown Apps Permission on Android

Be Judicious When Granting App Permissions

LunaSpy relies heavily on gaining elevated permissions to execute its functions. Many of the permissions it requests are critical and should never be granted to unknown applications. If you encounter an unfamiliar app that requests significant permissions, such as those listed below, exercise caution:

Accessibility service: Enables reading screen content and performing actions, essential for spying activities.
Device administrator: Prevents uninstallation of the spyware, ensuring persistence.
Draw over other apps: Allows LunaSpy to obscure prompts or present false information, commonly used for password theft.

Additionally, be wary of requests for common but sensitive permissions like accessing the microphone, camera, and storage.

Ensure Google Play Protect is Active

Google Play Protect is a built-in feature that scans your device for harmful applications, including those installed via APK files. In most cases, it can detect and mitigate threats like LunaSpy due to its elevated permissions and background activities. To confirm that Google Play Protect is enabled, open the Google Play Store, tap on your profile icon, and select Play Protect.

Play Protect option in Google Play Store

Within the Play Protect menu, tap Settings in the top-right corner. Ensure that both Scan apps with Play Protect and Improve harmful app detection are enabled. You can also initiate a manual scan by pressing the Scan button, allowing you to identify any potentially harmful applications installed on your device.

In addition to the measures outlined above, consider installing a reputable antivirus solution with real-time threat detection capabilities, such as Avast Antivirus. If you suspect your Android device may be compromised, stay vigilant and look for signs of spyware infection to take appropriate action.

Source & Images