This dangerous malware got around Google Play Store security


Security experts have revealed a dangerous malware campaign called PhantomLance, which has apparently been lurking in Google's official Play Store marketplace.

Dozens of malicious apps infected with the malware are being distributed via the Play Store and alternative app stores such as APKpure and APKCombo, often targeting users to spy on their habits and steal data.

According to security firm Kaspersky, this malware campaign has been live for over 4 years, and is likely the work of the OceanLotus advanced persistent threat (APT) group, thought to be based out of Vietnam.

PhantomLance spyware 

First discovered by researchers at BlackBerry in October 2019, the malware mainly targets users in Vietnam, Bangladesh, Indonesia, and India. It collects information such as location data, call logs and contacts, and can even monitor SMS activity and read the phone’s OS version, model and list of installed applications.

This campaign was discovered after Kaspersky came across a Dr Web report from 2019 concerning a Play Store app that came with a backdoor allowing a Trojan to install malware and exfiltrate data from the device. 

The Russian security firm found traits of malware in multiple applications distributed via the Play Store. These apps are said to come with a high level of encryption and to be more complex than most other malware used by cyber thugs to steal personal and financial data.

"PhantomLance has been going on for over five years and the threat actors managed to bypass the app stores' filters several times, using advanced techniques to achieve their goals," said Kaspersky researcher Alexey Firsh.

According to the report, "the threat actor was able to download and execute various malicious payloads, and thus adapt the payload that would be suitable to the specific device environment, such as the Android version and installed apps."

"This way, the actor was able to avoid overloading the application with unnecessary features and at the same time gather the desired information," it further adds.

The hackers would first upload a clean copy of an application to the Play Store and other app repositories. Once the application was approved, follow-up versions contained malicious payloads or the code required to install apps in the background on the compromised device.

Via: ZDNet

Jitendra Soni

Jitendra has been working in the Internet Industry for the last 7 years now and has written about a wide range of topics including gadgets, smartphones, reviews, games, software, apps, deep tech, AI, and consumer electronics.  
