Malware News BusyGasper Malware Packs a Simple but Potent Punch

silversurfer

A small malware campaign is leveraging spyware called BusyGasper, which is highly effective at collecting data on Android phones and exfiltrating it. The malware is unsophisticated, but loaded with 100 uniquely implemented features ranging from device sensor listeners, motion detectors and the ability to process a user’s screen taps.

The mobile malware was identified by researchers at Kaspersky Lab in early 2018 and is believed to have been active since May 2016. The location of the malware author is unknown; however, the FTP server used as the hacker’s command-and-control (C2) is located on the free Russian web hosting service Ucoz. Researchers also made a Russian connection based on victim names (Jana, SlavaAl, Nikusha) found on files recovered by researchers on the FTP server.

“BusyGasper is not all that sophisticated, but demonstrates some unusual features for this type of threat. From a technical point of view, the sample is a unique spy implant with stand-out features… that have been implemented with a degree of originality,” wrote Alexey Firsh, a cyber-threat researcher at Kaspersky Lab, in a technical write-up describing the malware posted on Wednesday.
 
