
LightSpy (ea7435b5-bb56-5ee1-ac2e-256aec44ae47)

First observed in 2018, LightSpy is a modular malware family that initially targeted iOS devices in Southern Asia before expanding to Android and macOS platforms. It consists of a downloader, a main executable that manages network communications, and functionality-specific modules, typically implemented as .dylib files (iOS, macOS) or .apk files (Android). LightSpy can collect VoIP call recordings, SMS messages, and credential stores, which are then exfiltrated to a command and control (C2) server.[MelikovBlackBerry LightSpy 2024]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| APT41 (502223ee-8947-42f8-a532-a3b3da12b7d9) | Tidal Groups | LightSpy (ea7435b5-bb56-5ee1-ac2e-256aec44ae47) | Tidal Software | 1 |