IcSpy Mobile Malware

IcSpy is a mobile threat targeting Android users specifically. The malware is equipped with information-collecting capabilities and is deployed in attack operations aimed at users' banking and payment-related information. Its operators focus primarily on users residing in India. Details about the threat were released recently in a report by infosec researchers; the same report also covers attack operations involving additional mobile banking threats, such as the AxBanker Banking Trojan.

The IcSpy infection begins with a smishing campaign, meaning the attackers send luring SMS messages to unsuspecting users. The messages contain deceptive instructions intended to convince the targets to follow the provided link under false pretenses. The link leads to a dedicated phishing page that pretends to be an official 'SBI Bank Customer Support' website. The page tries to extract sensitive information from its visitors before inviting them to download what is presented as the legitimate application of the State Bank of India (SBI). What users actually download is a fake application carrying the IcSpy threat.

Threatening Capabilities

Once it has infiltrated the victim's Android device, IcSpy requests various permissions, including access to the device's network and its network connection state. Cybersecurity experts warn that IcSpy attempts to establish persistence on the infected device by asking to be executed on every startup, as well as by being able to run in the background. The main goal of the threat is to abuse the granted permissions to collect sensitive data from the Android device.

The exact consequences of an IcSpy infection may vary, depending on the specific goals of the attackers. The threat can monitor, intercept, read and send SMS messages. In practice, this allows the attackers to obtain any OTPs (One-Time Passwords) or 2FA/MFA (two-factor/multi-factor authentication) codes sent to the device, which are exactly the codes that SMS-based verification relies on to confirm banking transactions.
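The permission pattern described in the two paragraphs above (SMS receive/read/send, start on boot, network access) is visible in an app's manifest before the app is ever run. The following triage script is an added example, not code from the original report and not IcSpy's real manifest: it parses a decoded AndroidManifest.xml and flags the combination of an SMS_RECEIVED broadcast receiver, SMS permissions, a boot-completed receiver and network permissions. The two manifests embedded in the script are constructed for illustration; the permission and action names are the standard Android ones, and the package name com.example.fakebank is invented.

```python
"""Triage a decoded Android manifest for the SMS-interception + persistence
pattern typical of OTP-stealing banking trojans.

Added example; not taken from the IcSpy report. The embedded manifests are
constructed samples (com.example.fakebank is an invented package name).
Feed it a manifest already decoded to plain XML (e.g. via apktool/androguard);
it does not parse the binary AXML format inside an APK.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SMS_RECEIVED_ACTION = "android.provider.Telephony.SMS_RECEIVED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Permission groups that, combined, let an app read OTPs, phone them home
# and survive a reboot.
SMS_PERMS = {
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
    "android.permission.SEND_SMS",
}
NETWORK_PERMS = {
    "android.permission.INTERNET",
    "android.permission.ACCESS_NETWORK_STATE",
}
BOOT_PERM = "android.permission.RECEIVE_BOOT_COMPLETED"

# Constructed sample: what a fake "bank" app of the kind described looks like.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.fakebank">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.ACCESS_NETWORK_STATE"/>
    <uses-permission android:name="android.permission.RECEIVE_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
    <application android:label="SBI">
        <receiver android:name=".SmsReceiver" android:exported="true">
            <intent-filter android:priority="999">
                <action android:name="android.provider.Telephony.SMS_RECEIVED"/>
            </intent-filter>
        </receiver>
        <receiver android:name=".BootReceiver" android:exported="true">
            <intent-filter>
                <action android:name="android.intent.action.BOOT_COMPLETED"/>
            </intent-filter>
        </receiver>
    </application>
</manifest>
"""

# Constructed sample: an ordinary network-only app, for comparison.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.weather">
    <uses-permission android:name="android.permission.INTERNET"/>
    <application android:label="Weather"/>
</manifest>
"""


def triage(xml_text):
    """Return a dict of findings for one decoded manifest."""
    root = ET.fromstring(xml_text)
    perms = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    actions = {e.get(ANDROID_NS + "name") for e in root.iter("action")}

    # Highest android:priority on any intent-filter that listens for SMS_RECEIVED.
    # A very high priority is the classic trick for getting the SMS before the
    # user's messaging app does.
    sms_priorities = [
        int(f.get(ANDROID_NS + "priority", "0"))
        for f in root.iter("intent-filter")
        if any(a.get(ANDROID_NS + "name") == SMS_RECEIVED_ACTION
               for a in f.iter("action"))
    ]

    findings = {
        "package": root.get("package", ""),
        "sms_permissions": sorted(perms & SMS_PERMS),
        "sms_receiver": SMS_RECEIVED_ACTION in actions,
        "sms_receiver_priority": max(sms_priorities) if sms_priorities else None,
        "boot_persistence": BOOT_PERM in perms and BOOT_ACTION in actions,
        "network": bool(perms & NETWORK_PERMS),
    }
    # Can the app see incoming SMS (OTPs) and has it a path to exfiltrate them?
    findings["otp_theft_pattern"] = (
        findings["sms_receiver"]
        and "android.permission.RECEIVE_SMS" in perms
        and findings["network"]
    )
    # The full banking-trojan shape: OTP theft that also survives reboots.
    findings["suspicious"] = findings["otp_theft_pattern"] and findings["boot_persistence"]
    return findings


if __name__ == "__main__":
    for name, xml in (("sample", SAMPLE_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(name, triage(xml))
```

Legitimate SMS clients request the same permissions, so treat the verdict as a triage signal rather than proof: the red flag is an app that claims to be a bank while combining a high-priority SMS_RECEIVED receiver, RECEIVE_SMS and a boot receiver. On Android 4.4 and later only the default SMS app receives SMS_DELIVER, but every app holding RECEIVE_SMS still gets SMS_RECEIVED, which is all an OTP thief needs.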
