LightSpy, a malware implant used in a 2020 watering hole attack against iOS users, has been found to carry a set of 14 plugins responsible for stealing personal information. Researchers have linked the spyware to the Chinese state-sponsored group APT41, which has previously targeted Android users with the spyware families WyrmSpy and DragonEgg.
ThreatFabric shows that LightSpy consists of a Core implant plus the 14 plugins; the Core orchestrates the critical operations of the entire attack chain. Its primary functions include fingerprinting the device, establishing a full connection to the command-and-control (C2) server, and retrieving commands from that server.