A new Android spyware, dubbed LunaSpy, is masquerading as an antivirus or banking protection app to steal sensitive data from unsuspecting users.
First detected in February 2025, the malware spreads through messaging platforms like Telegram, often disguised as a security tool sent by hacked contacts or shady channels.
Once installed, LunaSpy tricks users by running a fake virus scan, displaying alarming warnings about nonexistent threats. It then requests extensive permissions, claiming they’re needed to “fix” the issues.
In reality, the app hijacks personal data, including passwords from browsers and messaging apps, call logs, texts, and even real-time location data. It can also secretly record audio and video, execute remote commands, and, in newer versions, may soon gain the ability to steal photos.
Researchers at Kaspersky found that stolen information is sent to a network of 150 command-and-control servers, highlighting the malware’s sophisticated infrastructure.
To avoid infection, experts warn against downloading apps from messaging links even if sent by trusted contacts. They also advised users to scrutinize permission requests. Legitimate antivirus apps rarely demand unrestricted access to a device’s intrusive permissions. For added protection, stick to the official Google Play Store as it has security features like Google Play Protect.