A new spyware campaign has emerged, targeting Android users by masquerading as antivirus software delivered through messenger applications. This insidious malware, known as LunaSpy, has been identified by cybersecurity firm Kaspersky and is believed to have been operational since at least February 2025.
What is LunaSpy?
LunaSpy cleverly imitates legitimate antivirus programs, conducting scans on users’ devices and alerting them to fictitious “threats.” Following this, it requests extensive permissions, allowing it to surveil the device without raising suspicion. The capabilities of this malware are alarming and include:
- Recording audio and video through the device’s microphone and camera
- Accessing texts, call logs, and contact lists
- Executing arbitrary shell commands
- Stealing passwords
- Tracking locations
- Recording the device screen
Additionally, LunaSpy can pilfer images from the phone’s photo gallery. All collected data is transmitted to command-and-control servers controlled by the attackers, where it can be exploited for malicious activities.
How LunaSpy spreads on Android—and how to protect your device
The dissemination of LunaSpy primarily occurs through messenger platforms such as Telegram. Victims may receive messages from unknown senders or from compromised accounts of acquaintances, urging them to install the “antivirus.” In some cases, users are directed to download the app from newly created channels.
To safeguard against such threats, it is advisable to download applications exclusively from official sources like the Google Play Store. While this is generally safe, it is worth noting that malware can occasionally bypass these defenses, as evidenced by recent discoveries of fake crypto extensions in Mozilla’s add-ons. Users should exercise caution with third-party sources and refrain from downloading APK files via messenger apps, even from trusted contacts.
For an additional layer of security, users can block installations from unknown sources outside the Google Play Store. This option can typically be found under Settings > Security, providing peace of mind when exploring new applications.
It is crucial to remain vigilant regarding apps—especially antivirus programs—that request broad permissions without a clear justification. Users can review the permissions granted to an app through Settings > Apps > Permissions.
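The permission review described above can also be done in bulk from a computer. The following is an added example, not code from Kaspersky or from the original article: it parses the output of `adb shell pm list packages -i -3` and `adb shell dumpsys package <pkg>` and flags apps that were not installed by Google Play and hold several surveillance-relevant permissions. The permission mapping, the threshold of four, the trusted-installer set, and the sample package names are assumptions made for illustration.

```python
import re

# Assumed mapping from the capabilities listed above to Android runtime permissions.
SENSITIVE = {
    "android.permission.RECORD_AUDIO", "android.permission.CAMERA",
    "android.permission.READ_SMS", "android.permission.READ_CALL_LOG",
    "android.permission.READ_CONTACTS", "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_MEDIA_IMAGES",
}
TRUSTED_INSTALLERS = {"com.android.vending"}  # Google Play Store

def parse_installers(listing):
    """Parse `adb shell pm list packages -i -3` output into {package: installer}."""
    out = {}
    for line in listing.splitlines():
        m = re.match(r"package:(\S+)\s+installer=(\S+)", line.strip())
        if m:
            out[m.group(1)] = None if m.group(2) == "null" else m.group(2)
    return out

def granted_permissions(dumpsys):
    """Collect permissions marked granted=true in `adb shell dumpsys package <pkg>`."""
    return set(re.findall(r"^\s*([\w.]+): granted=true", dumpsys, re.MULTILINE))

def audit(listing, dumps, threshold=4):
    """Return [(package, sensitive permissions)] for sideloaded, over-privileged apps."""
    findings = []
    for pkg, installer in parse_installers(listing).items():
        if installer in TRUSTED_INSTALLERS:
            continue  # installed via the official store
        hits = granted_permissions(dumps.get(pkg, "")) & SENSITIVE
        if len(hits) >= threshold:
            findings.append((pkg, sorted(hits)))
    return findings

# Constructed sample data; package names are hypothetical.
SAMPLE_LISTING = """package:com.example.notes  installer=com.android.vending
package:com.example.fakeav  installer=null
package:com.example.game  installer=null"""
SAMPLE_DUMPS = {
    "com.example.fakeav": """    runtime permissions:
      android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_FINE_LOCATION: granted=false, flags=[ USER_SET ]""",
    "com.example.game": "      android.permission.CAMERA: granted=true, flags=[ USER_SET ]",
}

if __name__ == "__main__":
    for pkg, perms in audit(SAMPLE_LISTING, SAMPLE_DUMPS):
        print(pkg, perms)
```

A flagged package is a candidate for manual review, not a verdict: legitimate sideloaded apps can hold the same permissions, and the installer field reported by a device may differ from the values assumed here.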
If there is any suspicion of having installed spyware on an Android device, it is imperative to uninstall any questionable applications immediately. A factory reset is a more drastic measure, but it effectively removes malware; all important data should be backed up beforehand.