Latest news with #LunaSpy


Tom's Guide
2 days ago
This Android spyware is posing as an antivirus app to steal your photos and passwords — how to stay safe
In an attempt to protect yourself online, you might have downloaded a seemingly safe antivirus app that turned out to be a malicious app spreading dangerous spyware. Unfortunately, it may have come via a random Telegram or strange text message from a friend too.

The LunaSpy Android spyware program was reported on in a recent Kaspersky blog post which revealed that the spyware has been infiltrating phones since at least February of this year. Allegedly, LunaSpy can be sent via messaging apps and sold as an antivirus program and sometimes as a banking protection app. The spyware pretends to scan your device for viruses to trick you into granting permissions to the app. However, doing so enables it to steal data, track you, and even record audio and video.

While it pretends to run antivirus scans, LunaSpy is actually swiping passwords, recording your screen, and even running commands on your phone. Kaspersky even found unused code that would allow it to steal your photos. If your data is stolen via LunaSpy, it's reportedly sent to over 150 command and control servers. These servers are then used by cybercriminals to communicate with and control infected devices.

A spyware or malware infection can come from clicking on malicious links, downloading attachments in emails from unknown senders or through piracy. However, one of the most common ways to be infected is through both official and unofficial app stores. In the LunaSpy case, it can be traced back to malicious links. With that in mind, you need to be extremely careful putting new apps on your Android phone and especially ones recommended by others through messages on social media or over text.

If you haven't heard of an app before, look for it in the Google Play Store and read reviews as well as check its ratings first. Since these can both be faked though, you'll want to look for external reviews on other sites. Video reviews are especially helpful as they give you a chance to see the app in action.

Even good apps can go bad when injected with malicious code, so we recommend limiting the number of apps you have installed overall just to be safe. Fewer apps means less risk that you've downloaded a malicious one or a legitimate app that has been taken over by hackers.

For Android phones, you want to make sure that Google Play Protect is enabled on your devices. It's a free and built-in security app that scans your existing apps and any new ones you download for malware and other malicious activity. You might also want to consider running one of the best Android antivirus apps alongside it for additional protection.

Malicious apps aren't going anywhere, and suspicious links are only one prong in hackers' attempts to get sensitive data. However, if you pause before tapping on a strange link and limit the number of apps on your phone, your chances of getting infected go down significantly. Additionally, you'll want to discuss these safety practices with your younger and older family members and friends since not clicking suspicious links and investigating any new apps before you download them is key to keeping your loved ones safe from hackers.


Mint
2 days ago
Beware the strange file in your messages: This 'antivirus' app fakes scans, then watches everything
An antivirus app is supposed to keep digital predators away, but this Android app turned out to be the predator itself. Security researchers have flagged a new Android spyware strain called LunaSpy that dresses up as an antivirus or 'banking protection' tool and spreads through messaging apps like Telegram. The ruse is simple and effective. It launches a convincing scan, throws up scary 'threats found' warnings, and then asks for broad permissions under the pretext of fixing problems. Once those permissions are granted, the app pivots to surveillance, not security.

LunaSpy's fake scan is a permission trap. With accessibility access, notification access, and other high‑risk privileges in hand, the app can read texts, pull credentials from browsers and messengers, track your location, and even record audio or video. Researchers report that stolen data is funneled through a sprawling network of around 150 servers, suggesting an operation designed for scale and redundancy. The latest builds reportedly include dormant code to target photo theft, a sign that its authors plan to expand what the spyware can siphon in future updates. None of this relies on a novel exploit. It leans on social engineering: urgency, fear, and trust in a familiar 'antivirus' interface.

The installation path is the tell. Victims are nudged to sideload an APK from a chat link, sometimes from a friend or contact whose account has been compromised, rather than use the Play Store. After installation, the app asks for a laundry list of privileges that no honest consumer antivirus distributed via official channels would need to request up front, especially from a cold start. The moment those permissions flow, the device becomes chatty in the background, with logs, credentials, media, and sensor data queued for exfiltration. That makes this threat less about a single feature and more about the combination of pretend remediation, sweeping privileges, and steady data flow to remote infrastructure.

Distribution rides on haste and misplaced trust. A link arrives in Telegram or another messenger, perhaps framed as an urgent fix for a bank login problem or a way to harden your device before a trip. The design mirrors legitimate tools closely enough to win a tap. From there, LunaSpy relies on Android's permission model to get exactly the keys it needs.

The countermeasure is straightforward, if a bit strict. Do not install APKs from chat links, even if they come from someone you know. If a 'security' app is not from a reputable brand and available on the Play Store, treat it as hostile by default. If you recently installed an antivirus or banking protection tool from a message, uninstall it immediately. Then open Settings and review app permissions, focusing on accessibility, notification access, device admin, SMS, camera, microphone, location, and file access. Revoke anything that looks excessive, update Google Play Protect, and run a scan. Change passwords for accounts that store credentials in your browser or messaging apps, and enable two‑factor authentication on critical services. If you suspect persistent compromise, back up your data and perform a factory reset, then restore only trusted apps from the Play Store.

The broader lesson is to be sceptical of urgency. Real security tools do not need to scare you into granting sweeping control, and they do not arrive as surprise downloads in your chats. LunaSpy thrives on the gap between how security products look and how they should behave; closing that gap starts with refusing the install path it depends on.


Android Authority
3 days ago
This so-called Android 'antivirus' is just a front for spyware
Mishaal Rahman / Android Authority

TL;DR

- LunaSpy Android spyware hides as an antivirus or banking protection app, spreading via messaging apps like Telegram.
- It fakes virus scans to trick you into granting permissions, then steals data, tracks you, and can even record audio or video.
- Avoid downloading APKs from messenger links and be wary of unknown security apps requesting broad permissions.

Think you're beefing up your Android phone's security? If the antivirus app you just installed came from a random Telegram or a suspiciously out-of-context message from a friend, you might've just invited a spy into your pocket.

A daily Kaspersky blog post says a new piece of Android spyware called LunaSpy has been making the rounds since at least February 2025, slipping onto phones through messaging apps. Sometimes it's pitched as an antivirus, and other times it's so-called banking protection. Either way, once you install it, it puts on a convincing show. It runs a fake scan, flashes scary 'threats found' warnings, and then asks for a laundry list of permissions under the guise that it can fix them.

Those permissions aren't for fixing anything. Behind the curtain, LunaSpy can swipe passwords from browsers and messengers, record audio and video, read your texts, track your location, and even run commands on your device. The latest version even has unused code to steal your photos — possibly a preview of what's coming next. All of that data goes back to attackers through a sprawling web of about 150 servers.

This means that you just need to be more vigilant than ever about what you're downloading. Don't grab APKs from messenger links, even if they come from someone you know, as their account could be hacked. And if an antivirus you've never heard of asks for access to everything on your phone, that's a good time to hit uninstall.