LightSpy (ea7435b5-bb56-5ee1-ac2e-256aec44ae47)
First observed in 2018, LightSpy is a modular malware family that initially targeted iOS devices in Southern Asia before expanding to Android and macOS platforms. It consists of a downloader, a main executable that manages network communications, and functionality-specific modules, typically implemented as .dylib files (iOS, macOS) or .apk files (Android). LightSpy can collect VoIP call recordings, SMS messages, and credential stores, which are then exfiltrated to a command and control (C2) server. [MelikovBlackBerry LightSpy 2024]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| APT41 (502223ee-8947-42f8-a532-a3b3da12b7d9) | Tidal Groups | LightSpy (ea7435b5-bb56-5ee1-ac2e-256aec44ae47) | Tidal Software | 1 |