LightSpy Description

The LightSpy malware is a threat that targets iOS devices. Threats that are designed to target iOS systems specifically are not very common, as they are rather difficult to build. This means that the creators of the LightSpy threat are likely highly-skilled and well-experienced cyber crooks. The LightSpy malware targets 12.01 to 12.2 versions of iOS. Cybersecurity experts believe that the LightSpy threat also may be compatible with an older variant of iOS – 11.03.

Likely Originates from China

After studying the LightSpy threat, malware analysts found that this malware likely originates from China. However, researchers have not yet managed to pinpoint a certain APT (Advanced Persistent Threat) that may be responsible for the LightSpy malware. Some analysts believe that the LightSpy threat may be the creation of the Lotus Bloom hacking group, which also is known under the alias Spring Dragon.

Propagation Methods

Security experts believe that a Chinese APT may be behind the LightSpy malware due to the targeted demographic – Hong Kong protesters exclusively. Targeting such a limited demographic leads us to believe that the attack is motivated politically. To manage to compromise the devices of the Hong Kong targeted protesters, the attackers use several techniques:

  • Phishing email campaigns
  • Direct messages via social media networks.
  • Direct messages via email.
  • Fake posts on Instagram.
  • Fake posts on the Telegram messaging service.
  • Fake posts on various online forums.

The exploit kit and the payload of the LightSpy threat appear to be hosted on domains set up by the attackers like ',' ',' ',' ',' and others. The '' page is designed to imitate the official page of a newspaper that is rather popular in Hong Kong – Apple Daily.

Collects Data

Upon infecting a targeted system, the LightSpy threat will then connect to a predetermined C&C (Command & Control) server. Next, the LightSpy malware will wait for commands from its operators. The LightSpy threat is capable of collecting all data types from the compromised device. This iOS malware can:

  • Manage text messages.
  • Execute remote commands.
  • Collect text messages.
  • Collect call history.
  • Collect contacts list.
  • Collect files from the device.
  • Upload files on the device.
  • Use the device's GPS system to collect location data.
  • Obtain a list of the installed software.
  • Obtain a list of the running processes.
  • Obtain data regarding the WiFi – nearby networks and connection history.
  • Obtain data regarding QQ accounts – messages, shared files, contacts list, groups.
  • Obtain data regarding WeChat accounts – messages, shared files, contacts list, groups.

The Hong Kong protesters are often targeted by pro-Beijing cybercriminals, and the LightSpy malware is not the first or the last threat that is designed to target this demographic specifically.

Do You Suspect Your Computer May Be Infected with LightSpy & Other Threats? Scan Your Computer for Threats with SpyHunter

SpyHunter is a powerful malware remediation and protection tool designed to help provide users with in-depth system security analysis, detection and removal of a wide range of threats like LightSpy as well as a one-on-one tech support service. Download SpyHunter's FREE Malware Remover*
* Free Remover allows you, subject to a 48-hour waiting period, one remediation and removal for results found. Read our EULA, Privacy Policy & Special Discount Terms. See more Free SpyHunter Remover details.

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.