Two malware strains called WyrmSpy and DragonEgg were deployed on Android mobile devices as part of a cyberespionage campaign, which has been associated with APT41 (also known as Winnti, BARIUM, or Double Dragon). The discovery coincides with Mandiant’s disclosure of Chinese espionage operations’ increasing undercover tactics.
With a history of attacking many businesses in the U.S., Asia, and Europe, APT41 is one of the oldest state-backed terrorist organisations in China. The DOJ filed charges against five gang members in September 2020 for their role in cyberattacks on more than 100 businesses. Despite the crackdown, the group has evolved and is now concentrating on mobile users.
[Read More…](Android Spyware WyrmSpy and DragonEgg Attributed to APT41 | Cyware Alerts - Hacker News)