More than 100 commands allowing multi-platform data compromise have been integrated into the latest version of the LightSpy surveillance tool, which was last observed to have gained additional spying capabilities for iOS, Security Affairs reports.
Newly added commands focusing on transmission management and plugin version monitoring not only enabled the targeting of Facebook and Instagram implementations in Android, threatening metadata, contacts, and messages on both social media platforms, but also facilitated audio recording and keylogging in Windows devices, while removing harmful iOS plugins, according to an analysis from threat hunting firm Hunt.io.
Additional findings also shed light on the unique login, remote access, and device management endpoints in the spyware's admin panels.
"Command set modifications and Windows-targeted plugins suggest that operators continue to refine their data collection and surveillance approach across multiple platforms. The exposure of admin panel authentication endpoints provides insight into how operators manage compromised systems and suggests that aspects of LightSpy's infrastructure may be monitored or tracked through behavioral analysis of authentication flows," said the report.
