PhantomLance
PhantomLance is the name of a cybercrime organization whose activity has been followed by malware researchers for the past couple of months closely. During this period, the cybersecurity experts were able to uncover a four-year-long campaign that aimed to propagate Android Trojans to users worldwide. The threat, called PhantomLance, was hosted on the official Google Play Store, as well as on to 3rd-party application store services. PhantomLance often poses as a phone-enhancing utility that promised to provide users with valuable updates and tools that would make their devices more functional and reliable – however, the bogus applications will install the PhantomLance in the background.
One of the fake applications that accumulated a large number of downloads posed as an Open GL plugin that would supposedly allow the victim to play newer mobile games. When launched, the application would simulate an update process, but instead of downloading a legitimate Open GL plugin, it would end up deploying a copy of the PhantomLance backdoor Trojan.
Once PhantomLance is installed, it would start to exfiltrate data from the compromised device – contacts, call history, text messages, hardware/software details and more. Furthermore, it can function as spyware that would monitor the user's activity and report back to the Command and Control server. Finally, PhantomLance is able to download and initialize additional payloads, therefore allowing the operators to easily use other malware to perform various actions on the hacked device.
All of PhantomLance's payloads were obfuscated and encrypted heavily, therefore making it difficult to dissect and analyze its content. In addition to this, the four-year-long campaign was executed in a very elaborate manner, and cybersecurity experts share the opinion that the crooks behind this attack are well-honed in the mobile malware field, certainly.
The PhantomLance campaign is just one of the latest examples of Android malware that was able to bypass the security mechanisms of the official Google Play Store. Needless to say, the fact that an application is featured on the Google Play Store does not imply that it is safe to use – this is why we advise our readers to use an up-to-date mobile security product that can keep them save from the plethora of Android Trojans and other malware circulating in the wild.
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.