Security researchers linked a surveillance toolkit called LightSpy to the Chinese cyberespionage group APT41. The group used spam messages to convince users to download a malicious WeChat application from third-party app stores.
Security researchers at ThreatFabric attributed the use of LightSpy surveillance malware to the state-sponsored hacking group, also tracked as Wicked Panda. Unlike most threat actors, APT41 has a history of using a variety of surveillance malware compatible with iOS and Android devices. Cybersecurity firm Kaspersky detected LightSpy in 2020 in a watering hole attack targeting iOS users in Hong Kong.