This LightSpy Malware Steals Your Social Media Info

What is LightSpy?

LightSpy is a dangerous spyware program that can infect Windows, macOS, and Apple devices. First discovered in 2020 targeting users in Hong Kong, it has since evolved into a more powerful tool for cybercriminals.

What’s New in the Latest Version?

Security researchers have identified an updated version of LightSpy with expanded data collection capabilities. The spyware can now steal information from popular social media platforms, including Facebook and Instagram.

New Features:

  • Increased Data Theft: The malware can extract data from apps like Files, LINE, Mail Master, Telegram, Tencent QQ, WeChat, and WhatsApp.
  • Access to System Data: It can gather Wi-Fi network details, location, screenshots, sound recordings, browser history, contacts, call logs, and SMS messages.
  • Expanded Plugin Support: The number of supported plugins has increased from 12 to 28, giving attackers more tools to spy on victims.
  • Destructive Abilities Removed: While older versions could prevent an infected iOS device from booting, the latest update removes these destructive features.

LightSpy’s New Focus on Facebook and Instagram

The updated malware includes commands designed to steal database files from Android devices running Facebook and Instagram. This means hackers could gain access to private messages, contact lists, and account details.

Cybersecurity analysts believe this shift in focus helps cybercriminals gather more personal information, increasing their ability to monitor and exploit victims.

Windows-Specific Threats

In addition to mobile devices, LightSpy has added 15 new plugins designed for Windows systems. These plugins focus on:

  • Keylogging (recording everything typed on the keyboard)
  • Audio recording
  • USB data theft

The spyware also includes a hidden feature allowing remote attackers to control infected mobile devices through a command panel.

Another Threat: SpyLend Malware in Fake Loan Apps

Alongside LightSpy, security researchers have also flagged another malware called SpyLend. This Android-based spyware disguises itself as a financial app called Finance Simplified. Once installed, it engages in:

  • Predatory lending practices
  • Blackmail and extortion
  • Data theft, including contacts, call logs, and even camera access

SpyLend specifically targets Indian users by luring them into installing fraudulent loan apps, such as KreditPro, MoneyAPE, StashFur, Fairbalance, and PokketMe. These apps, which operated through WebView to bypass Google Play Store restrictions, have now been removed from the store.

FinStealer: Another Scam Targeting Indian Bank Users

In a separate campaign, another malware called FinStealer is being used to impersonate legitimate banking apps. Cybercriminals distribute this malware via phishing links and social engineering tactics to:

  • Steal login credentials
  • Collect financial data
  • Perform unauthorized transactions

The malware uses Telegram bots to communicate with hackers, making it difficult for security systems to detect or block its activity.

How to Stay Safe

With threats like LightSpy, SpyLend, and FinStealer on the rise, it’s important to protect your devices. Here’s how you can reduce your risk:

  • Avoid downloading apps from unknown sources
  • Be cautious of suspicious links in emails or messages
  • Use strong passwords and enable two-factor authentication
  • Keep your device software and security tools updated
  • Monitor app permissions and remove apps that request unnecessary access

Cybercriminals are constantly evolving their tactics, so staying informed is key to keeping your personal data safe.