Danny Weber
Security experts uncover LunaSpy Android trojan spreading via pre-infected smartphones, targeting bank customers with surveillance and fraud. Learn how to protect yourself.
Security experts at F6 have uncovered a new attack method where malicious software spreads through pre-infected smartphones. The scheme involves the LunaSpy Android trojan, which gets installed on devices beforehand and is then handed to victims disguised as a safe, secure gadget.
According to specialists, around 300 targeted attacks were recorded in February and March alone, aimed at Russian bank customers. Attackers first use social engineering techniques, convincing people they need to replace their device, then provide a smartphone already loaded with spyware.
LunaSpy has extensive surveillance capabilities: it can record screens, intercept camera and microphone data, and collect personal information. The malware disguises itself as system services, like antivirus software, and actively resists removal by monitoring users' attempts to uninstall it.
The trojan also lets attackers control victims' actions in real time. In some cases, specialized messaging apps were found on devices, allowing criminals to coordinate their activities and interact with users to enhance the deception.
Experts warn that these attacks represent a dangerous new fraud scenario where devices are compromised from the start. For users, this means buying smartphones only from official retailers, avoiding suspicious app installation links, and carefully monitoring program permissions.
© A. Krivonosov