LightSpy (ea7435b5-bb56-5ee1-ac2e-256aec44ae47)
First observed in 2018, LightSpy is a modular malware family that initially targeted iOS devices in Southern Asia before expanding to Android and macOS platforms. It consists of a downloader, a main executable that manages network communications, and functionality-specific modules, typically implemented as .dylib files (iOS, macOS) or .apk files (Android). LightSpy can collect VoIP call recordings, SMS messages, and credential stores, which are then exfiltrated to a command and control (C2) server. [Melikov BlackBerry LightSpy 2024]
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| APT41 (502223ee-8947-42f8-a532-a3b3da12b7d9) | Tidal Groups | LightSpy (ea7435b5-bb56-5ee1-ac2e-256aec44ae47) | Tidal Software | 1 |