Mobile Cyberespionage: What You Need to Know

Ecular Xu, Trend Micro

Cyberespionage is an underrated threat on the mobile platform. While targeted attacks on mobile may seem few and far between compared to those on desktops or PCs, our research shows that they are active, are sometimes offshoots of operations on PCs, and are always raring to exploit security gaps in people, process, and technology.

Our research delved into mobile targeted attacks from May 2017 to June 2018. Our data comprise eight campaigns, over 200 malware, and 10GB of new data that threat actors stole from their victims. Some are still active but weren’t disclosed. Those we publicly reported include AnubisSpy, PoriewSpy, Two-tailed Scorpion (GnatSpy), and FakeSpy.

In this presentation, we will provide an in-depth analysis of Android, iOS, and BlackBerry-related cyberespionage campaigns along with their attack chains. Our comparison of notable desktop and mobile targeted attacks will show how mobile cyberespionage may have been active earlier than initially thought.

We will also focus on the different approaches of mobile targeted attacks using real-world examples: how they are disguised, how they evade detection, and how they sneak into legitimate app stores. We will cover the social engineering they use (e.g., via social media, sexual innuendo…), how the payload is delivered and deployed (e.g., multi-stage deployment, exploits…), and the kind of information these campaigns are after. We will also discuss campaigns conducted on different platforms, based on correlation of their infrastructure and code. Indeed, given the mobile platform’s ubiquity—will it be cyberespionage’s main frontier?

Ecular Xu

Ecular Xu is a security researcher at Trend Micro. He has experience in discovering mobile threats, reverse engineering, and vulnerability research. He has been involved in revealing many threat campaigns, such as Anubis, GnatSpy, MaikSpy and Xavier. He has also exposed several vulnerabilities in Android and Linux.

The Dynamic Security Ecosystem