Smishing Campaign Delivers TianySpy to Android and iOS Devices
The TianySpy Malware is a high-profile threat that is likely developed and used by an elite Advanced Persistent Threat (APT) actor. One of the unique things about this mobile malware is that it does not target just Android devices: iOS users may also fall victim to it. Furthermore, the criminals behind it deliver the payload through smishing, a relatively unpopular method. Smishing describes text messages that deliver malicious links and files to victims. The criminals behind the TianySpy Malware disguised the malicious text messages to look as if they came from a local telecommunications company.
While iPhones have fallen victim to malware before, this is the first case in which the criminals behind the campaign are relying on a smishing attack. Active samples of the TianySpy Malware were discovered at the end of September and the beginning of October 2021.
It appears that the goal of the TianySpy Malware is to exfiltrate data from the victim, as well as to control their Web browser in a specific manner. The primary features of the Android version allow it to:
- Control and monitor Wi-Fi settings.
- Display a fake website of a telecommunication company.
- Steal information from the victim, and then exfiltrate it via email.
- Display fake/malicious sites in the Web browser.
While the iPhone functionality of the TianySpy Malware is likely to be more limited, it is still a threat that should not be underestimated.