What is FastSpy Android Malware?
FastSpy is a newly discovered malicious package targeting Android devices. The malware belongs to a trio of malicious packages attributed to the North Korean threat actor known by the alias Kimsuku group.
The trio of Android malware packages is made up of FastSpy, FastFire and FastViewer. FastViewer is distributed under the guise of a file-viewing application that has had malicious code injected into it. FastFire, on the other hand, is masquerading as a Google security plugin.
The FastSpy malware is dropped by the FastViewer malicious package. FastViewer is disguised as the legitimate Hancom Office Viewer app, but the package has been modified to include malicious code.
Once FastViewer is installed on an Android device and is used to open a specific file doctored by the threat actors, the FastSpy package is downloaded. FastSpy is used for remote control functionality. The malware abuses the Android accessibility API - behavior typical for many strains of Android malware.
The malicious package can exfiltrate messages and files from the compromised Android device.