• Send Us A Tip
  • Calling all Tech Writers
  • Advertise
Sunday, July 12, 2026
  • Login
TechStory
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to
No Result
View All Result
TechStory
No Result
View All Result
Home Business

LianSpy: A New Spyware Threat Targeting Android Users in Russia

by Harikrishnan A
August 18, 2024
in Business, Markets, News, Tech, Trending, World
Reading Time: 3 mins read
0
Massive Data Breach Exposes Personal Information of 2.9 Billion People
TwitterWhatsappLinkedin

Cybersecurity experts have uncovered a new type of spyware, named LianSpy, that specifically targets Android smartphones in Russia. This malware stealthily embeds itself on devices, operating under the guise of a legitimate app while secretly stealing sensitive information and monitoring user activity. While its primary focus is on Russian users, the techniques used by LianSpy could easily be adapted to target Android devices elsewhere.

You might also like

The Impending Chasm OpenAI Face Potential Cash Exhaustion by Mid-2027

Volkswagen ID. Unyx 09 Revealed With Up to 496 HP Ahead of China Launch

Modern EV Batteries Are Lasting Far Longer Than Buyers Once Feared, New Data Shows

A Deceptive and Targeted Approach

LianSpy stands out for its targeted approach, unlike broader malware campaigns. It zeroes in on specific individuals or groups, likely within certain organizations or regions. Since its emergence in July 2021, its sophisticated evasion methods have kept it under the radar for more than three years.

Kaspersky, a leading cybersecurity firm, has provided insights into LianSpy’s operations. The malware disguises itself as either an Alipay app or a system service, thereby evading detection. Once installed, it gains root access to the device, enabling it to capture screenshots, steal files, and collect call logs.

Evasion Techniques and Operational Stealth

LianSpy employs several advanced techniques to avoid detection. It uses a modified “su” binary to gain root privileges, which are essential for its malicious activities. This reliance on a modified binary suggests that the malware might be delivered through unknown exploits or physical access to the device.

The malware also circumvents Android’s ‘Privacy Indicators’ feature, which alerts users when apps record screens or activate cameras or microphones. By manipulating system settings, LianSpy blocks these notifications, leaving users unaware of the ongoing surveillance.

How LianSpy Operates

Upon installation, LianSpy presents itself as a system service or an Alipay app, making it difficult to spot. It requests or automatically grants itself permissions for screen overlays, notifications, contacts, call logs, and background activities. This allows it to operate discreetly, gathering and sending data without alerting the user.

LianSpy avoids detection by not running in environments that might expose it, such as those monitored by analysts. It stores its configuration on Yandex Disk and maintains this data locally, ensuring its persistence across device reboots.

Data Collection and Security Measures

The spyware selectively targets specific apps and activities. It uses the media projection API to take screenshots of popular applications like WhatsApp, Chrome, Telegram, Facebook, Instagram, Gmail, Skype, Vkontakte, Snapchat, and Discord. This selective data collection reduces the risk of detection, as it activates only when users engage with these apps.

The stolen data is encrypted with AES within an SQL table named ‘Con001’ before being exfiltrated to Yandex Disk. It is encrypted with a private RSA key, ensuring that only the attackers can access it.

Unlike other malware that frequently communicates with control servers, LianSpy operates with significant autonomy. It does not receive direct commands or updates but checks for configuration changes approximately every 30 seconds. These updates, stored as substrings in the configuration data, dictate the malware’s activities on the infected device.

Suppressing Notifications and Targeting Demographics

One of LianSpy’s notable features is its ability to suppress notifications that could reveal its presence. It uses ‘NotificationListenerService’ to block alerts with phrases like “using battery” or “running in the background,” which are typically associated with suspicious activity. The inclusion of both English and Russian phrases suggests that the primary targets are Russian-speaking users.

Command and Control Functions

LianSpy uses a series of substrings to manage its functions, such as enabling or disabling data collection, screen captures, and monitoring based on network connections. Below are some of the key commands:

– *con+ : Enable contact list collection

– *clg+ : Enable call log collection

– *app+ : Enable collection of installed apps

– *rsr+  : Schedule screenshot capture

– *nrs+ : Enable screen recording

– *wif+ : Allow operation on Wi-Fi

The emergence of LianSpy underscores the growing sophistication of mobile spyware and its threat to Android users. While it currently targets Russian users, the adaptable techniques could pose a risk to a broader audience. Android users worldwide should stay vigilant, keep their devices updated, and be cautious about unfamiliar apps.

Tags: CybersecurityLianSpyRussia
Tweet55SendShare15
Previous Post

Weekly Tech Update: AI Upgrades, Data Breaches, Must-Have Gadgets and More

Next Post

How to Get Haki in AUT

Harikrishnan A

Aspiring writer. Enjoys gaming, fried chicken and iced tea, preferably all together.

Recommended For You

The Impending Chasm OpenAI Face Potential Cash Exhaustion by Mid-2027

by Anochie Esther
July 12, 2026
0
OpenAI could run out of cash by mid-2027

The staggering upward trajectory of the generative artificial intelligence boom has officially run straight into the unyielding law of capital constraints. For the past three years, the tech...

Read more

Volkswagen ID. Unyx 09 Revealed With Up to 496 HP Ahead of China Launch

by Samir Gautam
July 12, 2026
0
Volkswagen ID. Unyx 09 Revealed With Up to 496 HP Ahead of China Launch

Volkswagen is gearing up to expand its electric vehicle portfolio in China with the upcoming ID. Unyx 09, a performance-focused electric sedan that combines striking styling with impressive...

Read more

Modern EV Batteries Are Lasting Far Longer Than Buyers Once Feared, New Data Shows

by Samir Gautam
July 12, 2026
0
Modern EV Batteries Last Longer Than Expected

For years, one of the biggest concerns surrounding electric vehicles has been battery life. Many potential buyers worried that the battery pack would lose its capacity within a...

Read more
Next Post
Credit: Youtube

How to Get Haki in AUT

Please login to join discussion

Techstory

Tech and Business News from around the world. Follow along for latest in the world of Tech, AI, Crypto, EVs, Business Personalities and more.
reach us at info@techstory.in

Advertise With Us

Reach out at - info@techstory.in

Aviator Game India 2026

BROWSE BY TAG

#Crypto #howto 2024 acquisition AI amazon Apple Artificial Intelligence bitcoin Business China cryptocurrency e-commerce electric vehicles Elon Musk Ethereum facebook funding Gaming Google India Instagram Investment ios iPhone IPO Market Markets Meta Microsoft News OpenAI samsung Social Media SpaceX startup startups tech technology Tesla TikTok trend trending twitter US

© 2025 Techstory.in

No Result
View All Result
  • News
  • Crypto
  • Gadgets
  • Memes
  • Gaming
  • Cars
  • AI
  • Startups
  • Markets
  • How to

© 2025 Techstory.in

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In
Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?