A small malware campaign is leveraging spyware called BusyGasper, which is highly effective at collecting data on Android phones and exfiltrating it. The malware is unsophisticated, but loaded with 100 uniquely implemented features, including device sensor listeners, motion detectors and the ability to process a user’s screen taps.
The mobile malware was identified by researchers at Kaspersky Lab in early 2018 and is believed to have been active since May 2016. The location of the malware author is unknown; however, the FTP server used as the hacker’s command-and-control (C2) server is located on the free Russian web hosting service Ucoz. Researchers also made a Russian connection based on victim names (Jana, SlavaAl, Nikusha) found on files recovered from the FTP server.