LianSpy Spyware Hides From Android Security By Disabling Key Protections

Google's routine monthly security updates for Android are designed to thwart various malware and spyware threats that could compromise your phone or tablet. However, a new report from Kaspersky , the security firm recently barred in the United States, reveals a sophisticated spyware known as “LianSpy.” This malicious software is capable of stealing files, capturing screenshots, and harvesting call logs.

Unlike typical malware, LianSpy has evaded detection for over three years due to its advanced stealth techniques . According to Kaspersky, the spyware masquerades as the Alipay app or a system service to avoid being flagged. It uses a modified “su” binary to gain root access , suggesting it either exploits an undisclosed vulnerability or needs physical access to the device.

Even with Android 12’s new privacy indicator that alerts users when an app uses the camera or microphone, LianSpy circumvents this by including a “cast” value to block these notifications, leaving users unaware of its activity.

Upon installation, LianSpy requests permissions for screen overlay, contacts, notifications, call logs, and background operation. If it installs as a system service, it self-approves these permissions. It has the capability to access apps such as WhatsApp, Telegram, Chrome, Facebook, Instagram, Gmail, Skype, Snapchat, and Discord. While currently targeting Russian users, the presence of English phrases in the spyware indicates potential targeting of users in other regions.