Particle.news

LunaSpy Spyware Contains Dormant Photo-Theft Code and Operates Through 150-Server Network

It tricks users into granting extensive permissions through fake virus scans delivered via messaging-app links.

LunaSpy Android spyware distributed via Telegram

Overview

  • LunaSpy has persisted since at least February 2025, continuing to spread through links in messaging apps like Telegram.
  • It masquerades as legitimate security or banking apps to prompt users to sideload APKs outside the Google Play ecosystem.
  • Once installed, the permissions it has been granted allow it to steal credentials, record audio and video, intercept messages, track location and execute remote commands.
  • Compromised data is funneled through about 150 attacker-controlled servers, and researchers note dormant code for future photo exfiltration.
  • Security firms advise installing apps only from official stores, scrutinizing permission requests and avoiding APK downloads from unsolicited links.