A new Android spyware called LunaSpy has been detected by Kaspersky, posing a significant threat to mobile device users since at least February 2025. The malware spreads through messaging apps like Telegram by disguising itself as antivirus or banking protection software.
Once installed, LunaSpy tricks users into granting extensive permissions by simulating a virus scan and displaying fake “threats found” warnings. These permissions are then used for malicious activities such as exfiltrating passwords, recording audio and video, accessing text messages, and tracking the device’s location.
The latest iteration of LunaSpy also includes dormant code for photo exfiltration, suggesting potential future functionality. The malware transmits user data to attackers via a network of approximately 150 servers.
To avoid falling victim to this threat, users are advised to exercise caution when downloading Android Package Kits (APKs) from messenger links, even if they come from trusted contacts whose accounts may be compromised. They should also be wary of unfamiliar security applications that request broad permissions.
Source: https://dataconomy.com/2025/08/13/this-android-malware-steals-passwords-records-calls-and-tracks-location