Novel Android spyware strain versions leveraged by APT41

Chinese state-sponsored threat operation APT41, also known as Bronze Atlas, Winnti, Brass Typhoon, Axiom, Blackfly, HOODOO, and Wicked Panda, has launched recent attacks deploying new versions of the DragonEgg and WyrmSpy Android spyware strains, according to The Hacker News. Attackers have leveraged third-party Android keyboards and messaging apps to distribute DragonEgg, while newer versions of WyrmSpy have been integrated into apps masquerading as Adobe Flash, Baidu Waimai, and adult video content, a report from Lookout showed. Both DragonEgg and WyrmSpy, which were found to use a command-and-control server with a domain linked to APT41 infrastructure, not only facilitate data gathering and exfiltration but also harvest photos, SMS messages, audio recordings, and location data. "The discovery of WyrmSpy and DragonEgg is a reminder of the growing threat posed by advanced Android malware. These spyware packages are highly sophisticated and can be used to collect a wide range of data from infected devices," said Lookout Senior Threat Researcher Kristian Balaam.