Spyware concealed in fake Android security apps can steal your data

Facepalm: LunaSpy masquerades as security apps to steal Android users' data.

LunaSpy is a newly discovered spyware campaign targeting Android devices by masquerading as legitimate antivirus software, as reported by Kaspersky. The spyware has been active since at least February 2025 and is spread through messaging apps, chat sessions, and certain Telegram channels. Users are deceived into installing the app, which then mimics security alerts to gain access to sensitive data such as passwords, audio, video, texts, and even location. The campaign employs roughly 150 domains and IPs for command-and-control servers, prompting experts to advise caution with third-party apps and rigorous scrutiny of app permissions.

Kaspersky, a prominent cybersecurity company based in Moscow, recently identified LunaSpy, a malicious campaign that targets Android devices under the guise of antivirus software. Active since at least February 2025, LunaSpy spreads through digital communication channels to infiltrate users' systems. It takes advantage of people's trust in supposed security updates to deceive them into downloading spyware, posing significant risks to sensitive data.

The software capitalizes on fake security threats to win users' trust and obtain unauthorized access. Once installed, LunaSpy alerts users to bogus threats to prompt further engagement. Its evolving nature allows it to extract passwords, read messages, and collect GPS information. The malicious software extends its reach by accessing microphones and cameras, enabling even deeper privacy violations.

Kaspersky's research reveals a sophisticated network of approximately 150 domain names and IP addresses working as command-and-control servers. This expansive setup handles where collected data is sent and how instructions are delivered, keeping the operation effective. Security experts suggest LunaSpy could be an auxiliary tool in larger cyber-espionage undertakings.

Users must exercise caution when interacting with unsolicited or third-party applications, as LunaSpy often spreads through Telegram channels and compromised social media accounts. Experts urge users to scrutinize the permissions they grant to apps, emphasizing the risks that come with unauthorized installations from unverified sources.

Exposing these dangers spotlights the critical role security practices play in technology today. Users must remain vigilant, keeping their digital environments secure by using only reputable applications, ensuring permissions align with functional requirements, and regularly auditing active software to minimize threats like LunaSpy before any data breaches occur.

Sources: Kaspersky, TechSpot