GolfSpy

Lately, smartphones have been turning into a more and more integral part of our lives. Many people use their smartphones more than they use computers. Naturally, this means that people also are storing more and more data on their mobile devices, which includes sensitive personal information. Cybercriminals do not miss out on such opportunities, and all sorts of threats targeting mobile devices have been developed.

The GolfSpy malware is one such case. It is known that the GolfSpy threat is built to target Android devices. The authors of GolfSpy threat have been propagating it via fraudulent posts on social media. The GolfSpy malware has been involved in campaigns with targets in the Middle East. It appears that the GolfSpy threat is targeting military personnel, which has led some to believe that the attackers have political motivations. There have only been around 660 infiltrated devices so far, which makes malware experts speculate that the targets were not chosen at random. When cybersecurity researchers dissected the GolfSpy malware, they found out that this threat is fairly similar to another known threat – the Domestic Kitten malware.

This may mean that the authors of the Domestic Kitten threat have likely created the GolfSpy malware too.
The GolfSpy malware packs an impressive number of features. This threat is able to exfiltrate almost all data that would be stored on an Android mobile device. The GolfSpy malware can access the data saved on the targeted devices such as photos, videos, music files, etc. It also can collect information from the memory card in the Android device. This threat also can collect information such as text messages, call logs, contacts, saved accounts, bookmarks and browser history. Furthermore, the GolfSpy malware gathers information about the corrupted device by accessing data such as battery charge and health, running processes and installed applications.

It is likely that we are talking about an espionage operation here. It is not yet known who the con actors are, but it is highly unlikely that they will cease their operations any time soon.