Cybercriminals were spotted using the likes of a former adult film star to spread a multiplatform spyware disguised as an adult game.
Dubbed Maikspy, the malware is promoted as the Mia Khalifa Game using various twitter accounts spreading malicious links to unsuspecting users., according to a May 8 Trend Micro blog post.
The links redirect users to a booby-trapped website that distributes other malicious apps and connects to a C&C server to upload data from infected devices and machines.
Once the malicious APK file is installed and launched it will send the infected device’s Unix timestamp to 0046769438867, a phone number containing Sweden’s code, presumably for the device’s ID registration. Afterwards, the Maikspy-carrying app will display “Error: 401. App not compatible. Uninstalling…” in an attempt to trick the user into thinking the app is being removed from the device when the malware is just hiding itself and running in the background.
The malware is capable of targeting both Android and Windows users and is capable of stealing phone numbers, account information, a list of installed apps, contacts, photos, and SMS messages.
A similar app called the Virtual Girlfriend Game was also being promoted by multiple Twitter handles sharing links that lead to the same malicious domain to spread the same malware. The threat actors have been active since December 2016 when the first variant of the malware appeared on the Windows platform and by January 2017, the threat actors had developed an Android version of the malware.
The best way to prevent infection is to only download apps from Trusted App stores such as Google play and always be sure to understand the risks before accepting any terms granting certain permissions to apps.