Cybersecurity researchers have discovered an updated version of the LightSpy implant spyware that now includes features to extract information from social media platforms like Facebook and Instagram. The malware, which can infect both Windows and Apple systems, is capable of collecting data such as Wi-Fi network information, screenshots, location, and more.
The latest update to the malware allows it to target Facebook and Instagram application database files for data extraction from Android devices, expanding its capabilities to include social media platforms. This shift in focus expands LightSpy’s ability to collect private messages, contact lists, and account metadata from widely used social platforms.
Researchers have also discovered 15 Windows-specific plugins designed for system surveillance and data collection, including keylogging, audio recording, and USB interaction. Additionally, Hunt.io found an endpoint in the admin panel that grants logged-in users the ability to remotely control infected mobile devices.
The discovery comes as another Android malware dubbed SpyLend has been uncovered, masquerading as a financial app on the Google Play Store but engaging in predatory lending, blackmail, and extortion aimed at Indian users. The malware downloads a fraud loan app from an external URL, granting extensive permissions to access sensitive data.
Meanwhile, Indian retail banking customers have also become targets of another campaign distributing a malware codenamed FinStealer that impersonates legitimate bank apps, but is engineered to collect login credentials and facilitate financial fraud.
Source: https://thehackernews.com/2025/02/lightspy-expands-to-100-commands.html