This Spyware Campaign Targets Android Users Via Messaging Apps

Posted on by

A new spyware campaign is targeting Android users by posing as an antivirus program distributed via instant messaging apps. Once installed on a device, it can do everything from record screens to steal passwords. The malware, dubbed LunaSpy, was discovered by Kaspersky Lab and is believed to have been active since at least February 2025.

What is LunaSpy?

According to Kaspersky Lab, LunaSpy imitates a real antivirus by scanning your device and warning you about (fake) “threats detected,” then asking for advanced permissions to spy on your device without raising suspicion. The malware can perform a number of functions:

  • Record audio and video using your device’s microphone and camera

  • Read text messages, call logs and contact lists

  • Executing arbitrary shell commands

  • Password theft

  • Location tracking

  • Recording the device screen

The program is also capable of stealing images from your phone’s photo gallery. All this information is then forwarded to the attackers’ control servers, where it can be used for malicious purposes.

You may also like

How LunaSpy Spreads on Android and How to Protect Your Device

The LunaSpy campaign is spread through instant messaging apps like Telegram. Victims may receive a message from a stranger (or a hacked account of a friend) asking them to install an “antivirus.” Victims may also be asked to download an app through a new channel.

In general, you should only download apps from official sources like the Google Play Store (though malware sometimes sneaks through, like the fake crypto extensions recently discovered among Mozilla add-ons ). Avoid third-party sources, and don’t download APKs from messaging apps, even if you know the sender.

What do you think at the moment?

You can also completely block the installation of unknown apps from sources outside of Google Play, which will give your device an extra layer of protection if you try to download malware. While the specifics of this setting may vary depending on your device, you’ll typically find this option under Settings > Security .

You should be wary of apps, including antivirus software, that request broad permissions without a clear purpose unless you are sure that the software is legitimate and trustworthy. You can check what permissions an app has in Settings > Apps > Permissions .

If you suspect that your Android has spyware installed, uninstall any suspicious apps immediately. A factory reset is a more drastic measure, but it should completely remove the malware. Just be sure to back up all your data first.

More…

Security

Leave a Reply