A sophisticated, ongoing espionage campaign aimed at Android users in Asia is likely the work of the OceanLotus advanced persistent threat (APT) actor, researchers said this week.
Dubbed PhantomLance by Kaspersky, the campaign is centered around a complex spyware that’s distributed via dozens of apps within the Google Play official market, as well as other outlets like the third-party marketplace known as APKpure.
The effort, though first spotted last year, stretches back to at least 2016, according to findings released at the SAS@home virtual security conference on Tuesday.
The spyware is fairly narrow in its focus when it comes to functionality, researchers said. It can gather geolocation data, call logs and contacts, and can monitor SMS activity; the malware can also gather a list of installed applications, as well as device information, such as the model and OS version.