It appears that a new Android spyware has been active since at least February 2025, according to a daily Kaspersky blog post. The name of this spyware is LunaSpy. It enters Android phones through messaging apps, under the guise of an antivirus, and sometimes as a banking protection tool. The damages to the user can go as far as stealing your passwords, tracking your locations, and gaining control of your phones.
LunaSpy spyware can steal your passwords
Kaspersky notes that a potential victim can receive a message with the text “Hi, install this program here.” Once you install the app, it runs a fake scan and displays a serious “threat found” warning, causing panic. It then forces the user into granting a long list of permissions to fix the threat. However, in reality, it won’t fix anything.
Instead, LunaSpy will get hold of your passwords from browsers and messengers and track your location. It can record audio/video from the microphone and camera. It can even read your texts, contacts, and call logs. As if that were not enough, the malware is also capable of running commands on your device.
Do not install apps from links received via message
Reportedly, the latest version includes the tech to steal your photos, but it’s not implemented yet. The attacker gets the user data via command-and-control servers, sprawling over about 150 different domains and IP addresses associated with this spyware.
This calls for being vigilant about what you download on your phone, especially apps from messenger links, such as Telegram. This is even if it’s coming from someone you trust the most, as their phone may have been a victim of LunaSpy spyware. It’s generally a good idea to limit app permissions, unless you see a strong logical reason. You can also use password managers on your phone to safeguard your passwords.
#Dangerous #Malware #Pretends #Phone #Antivirus
