A new spy software campaign targets Android users by pretending to be antivirus via Messenger applications. Once installed on your device, it can do anything, recording your screen to steal your passwords. Malware, called Lunaspy, was identified by Kaspersky and has been active since at least February 2025.
What is Lunaspy?
According to Kaspersky, Lunaspy imitates real antivirus software, scanning your device and alerting you (false) “found threats”, after which it requires in -depth authorizations so that it can spy on your unsuspected device. Malware can perform a range of functions:
-
Audio and video recording using the microphone and camera of your device
-
Read texts, call logs and contact lists
-
Execute arbitrary shell orders
-
Steal
-
Follow -up locations
-
Device screen recording
The program is also able to steal images from the photo gallery in your phone. All this information is then sent to command and control servers belonging to the attackers, where it can be used for malicious purposes.
How Lunaspy spreads to Android and how to protect your device
The Lunaspy campaign proliferates via messenger apps like Telegram. Targets can receive a message from a stranger – or the diverted story of someone they know – assuming that they install “antivirus”. Victims may also be sent to download the application in a new channel.
In general, you must download applications only from official sources such as Google Play Store (although malware can sometimes pass through the meshes of the net, as for false crypto extensions recently found among the additional Mozilla modules). Avoid third sources and do not download the APK files from messengers even if you know the sender.
What do you think so far?
You can also block unknown installation installations for sources outside the Google Play Store, so your device will have an additional protective layer if you try to download a malicious program. Although the details vary depending on your device, this option can usually be found under Settings> Safety.
You must beware of applications – including antivirus – which require general authorizations without a clear objective, unless you have verified that the software is legitimate and trustworthy. You can confirm the authorizations including an application has under Settings> Applications> Authorizations.
If you think you have installed spyware on your Android, you must immediately uninstall all suspicious applications. Factory reset is a more extreme step, but it should completely erase malware, be sure to support everything first.
