Mobile malware poses a significant threat to user privacy and security, with the potential to carry out a wide range of malicious actions on infected devices. Beyond the familiar capabilities such as SMS message theft, call log recording, and location tracking, this session delves into the lesser-known, but equally alarming, functionalities that modern mobile threats can employ.

During this session, we will provide an in-depth exploration of our discovery of the sophisticated mobile threat known as LightSpy, including its core components and a staggering fourteen associated plugins. These plugins extend LightSpy’s capabilities by implementing a variety of unique techniques.

One of the highlights of this presentation will be the revelation of novel techniques employed by threat actors to exfiltrate private information from victims’ WeChat Pay transaction histories. Additionally, we will detail how the LightSpy plugin demonstrated the ability to record VOIP calls made through WeChat, all without requiring root access to the target device.

We will shed light on the intricate workings of LightSpy and its plugins, offering insights into the evolving landscape of mobile malware and the advanced methods employed by malicious actors to compromise user data and privacy.