Phantomlance is a Malware that steals information from an Android smartphone such as call logs, location, contacts, and messages. This malware also gathers device information. Last year, Kaspersky detected a new Trojan backdoor on Google Play. Kaspersky also claims that the Phantomlance campaign is going on since 2015. There are plenty of applications on Google Play Store that are infected by this campaign.
If the victim’s phone is rooted, there is a high chance that this Malware can change permissions of the phone without letting the victim know. Google Play Store claims that they have the strictest Malicious Software protection yet this Malware got past it. Also, malware is basically targeting countries in Asia.
How to Enable Facebook Care Emoji Reaction
PhantomLance and Google Play Store
PhantomLance targets mainly applications on Google Play Store. About 250 malicious attempts have been detected on Google Play Store Android applications. According to Kaspersky, the malware was found hiding mostly in System cleanups applications. This malware can do the following things on an Android Phone.
- Copy the contact information.
- Read Text Messages.
- Find the device location.
- Copy the list of the application installed on the Android Phone.
- Executing shell commands on the Android Phone.
- Change Permissions of any application(If the device is rooted).
Google claims that they have deleted every application that had PhantomLance Malware. However, nobody knows for sure. Blackberry researchers claims OceanLotus entered Google Play in 2019. OceanLotus has been active since a very long time. They also tried to hack Chinese Ministry of Emergency Management to find the information related to Coronavirus.
.@Kaspersky researchers announced during #SASatHome that the OceanLotus APT group could be behind an ongoing cyber-espionage campaign dubbed PhantomLance. via @InfosecurityMag https://t.co/XPQ5SY7zhn pic.twitter.com/doodOBhF5k
— John Ashwin (@KLrecruitNA) April 30, 2020
How PhantomLance bypassed Google Play Store Security?
They didnt, they just uploaded the first version of the application, malware free. When Google Play approved their application, they updated the application and added a Malware present build. Kaspersky also provided the list having PhantomLance.
- Browser Turbo.
- Open GL.
- Ads Skipper.
- Browser Address.
- Beer Address.
Deployment tactics of #PhantomLance #SASatHome #TheSAS2020 Full article: https://t.co/OQEI9Hn4GR pic.twitter.com/CPfIsKyayr
— Kaspersky (@kaspersky) April 28, 2020
How to protect Android Phone from Malware?
- Download applications only from trusted sources on Play Store.
- Don’t give Full phone access to an application i.e don’t check every permission an application asks you to do so.
- Look for application ratings and reviews.
Even though Google promises to protect your privacy, it is wise to be careful. Look for suspicious applications installed on your phone. Some of them might be accessing your Whats-app messages.
