{"id":34663,"date":"2020-04-28T14:39:42","date_gmt":"2020-04-28T14:39:42","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31157\/PhantomLance-Spying-Campaign-Breaches-Google-Play.html"},"modified":"2020-04-28T14:39:42","modified_gmt":"2020-04-28T14:39:42","slug":"phantomlance-spying-campaign-breaches-google-play","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/","title":{"rendered":"PhantomLance Spying Campaign Breaches Google Play"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/zdnet4.cbsistatic.com\/hub\/i\/r\/2020\/04\/28\/57cba3e2-2407-4ae2-b25a-1abacac6e690\/thumbnail\/770x578\/ee7502a7f76bc051eeb63ba5029c541d\/and.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>Kaspersky has warned of an ongoing campaign in which malicious apps hosted by Google Play are covertly spying and stealing Android user data.&nbsp;<\/p>\n<p>On Tuesday, cybersecurity researchers said the campaign, dubbed PhantomLance, has been active for at least four years and is ongoing.&nbsp;<\/p>\n<p>According to the team, &#8220;dozens&#8221; <a href=\"https:\/\/securelist.com\/?p=96772\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">of malicious apps<\/a> connected to PhantomLance and harboring a new Trojan have been discovered in Google Play, the tech giant&#8217;s official Android mobile application repository. In addition, malicious apps have also been found on the APK download site APKpure.&nbsp;<\/p>\n<p>Back in July 2019, the Doctor Web team <a href=\"https:\/\/news.drweb.com\/show\/?i=13349&amp;c=0&amp;p=0\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">published research<\/a> on a new Trojan buried in an application on Google Play that masqueraded as an OpenGL Plugin.&nbsp;<\/p>\n<p>Once launched, the malicious app simulates a check for new versions of OpenGL ES, but actually installs a backdoor and begins exfiltrating user information.&nbsp;<\/p>\n<p>Kaspersky says that a similar sample of this Trojan was found on Google Play and its sophistication &#8212; including the use of high levels of encryption and an ability to adapt malicious payloads depending on the mobile device environment &#8212; suggests that PhantomLance is not the work of run-of-the-mill threat actors.&nbsp;<\/p>\n<p>The PhantomLance malware, of which multiple variations have been traced, has the basic functions of spyware, such as exfiltration functions for stealing user information including phone call logs, contacts, GPS data, SMS messages, and device model and OS information.&nbsp;<\/p>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_zd_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\">\n<\/section>\n<p><strong>See also:&nbsp;<\/strong><a href=\"https:\/\/www.zdnet.com\/article\/google-will-now-demand-online-advertisers-provide-proof-of-identity-location\/\" target=\"_blank\" rel=\"noopener noreferrer\">Google will now demand online advertisers provide proof of identity and location<\/a><\/p>\n<p>The Trojan is able to build a backdoor to transfer this data to the operator&#8217;s command-and-control (C2) server as well as deploy additional malicious payloads.&nbsp;<\/p>\n<p>Kaspersky suspects an Advanced Persistent Threat (APT) group may be behind the campaign due to the care taken to mask its tracks. In &#8220;almost every case,&#8221; the team says, fake developer profiles were created with associated GitHub accounts, and in order to avoid detection, the first version of each app uploaded to Google Play or APKpure did not contain malicious code.&nbsp;<\/p>\n<p>&#8220;With later updates, applications received both malicious payloads and a code to drop and execute these payloads,&#8221; Kaspersky says.&nbsp;<\/p>\n<p>Approximately 300 infection attempts have been traced to Android devices in countries including India, Vietnam, Bangladesh, and Indonesia since 2016.<\/p>\n<p>Attribution is often a difficult prospect. However, in the case of PhantomLance, there are some indicators that the APT group OceanLotus, also known as APT32, is involved.<\/p>\n<p><strong>CNET:&nbsp;<\/strong><a href=\"https:\/\/www.cnet.com\/how-to\/coronavirus-stimulus-scams-are-here-how-to-identify-these-new-online-and-text-attacks\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">Coronavirus stimulus scams are here. How to identify these new online and text attacks<\/a><\/p>\n<p>After sorting through the codebase of the malicious apps, Kasperksy assessed with &#8220;medium confidence&#8221; that OceanLotus is behind the payloads. This is because at least 20% of the codebase is similar to older Android cyberattacks and campaigns launched by the group, which also tends to target victims across South East Asia.&nbsp;<\/p>\n<p>OceanLotus has been active since 2013 and has been linked to campaigns against entities including the Vietnamese and Chinese governments. Recently, <a href=\"https:\/\/www.zdnet.com\/article\/covid-19-cyber-espionage-saw-chinese-ministry-targeted-by-ocean-lotus-fireeye\/\" target=\"_blank\" rel=\"noopener noreferrer\">a fresh attack<\/a> was launched the Chinese Ministry of Emergency Management in a bid to find and steal data relating to the COVID-19 pandemic.&nbsp;<\/p>\n<p>Kaspersky has reported all of the malicious apps found. Google has since removed them from the store.<\/p>\n<p><strong>TechRepublic:&nbsp;<\/strong><a href=\"https:\/\/www.techrepublic.com\/article\/one-billion-certificates-later-lets-encrypts-crazy-dream-to-secure-the-web-is-coming-true\/?ftag=CMG-01-10aaa1b\" target=\"_blank\" rel=\"noopener noreferrer\" data-component=\"externalLink\">One billion certificates later, Let&#8217;s Encrypt&#8217;s crazy dream to secure the web is coming true<\/a><\/p>\n<p>&#8220;PhantomLance has been going on for over five years and the threat actors managed to bypass the app stores&#8217; filters several times, using advanced techniques to achieve their goals,&#8221; says said Alexey Firsh, a Kaspersky researcher. &#8220;We can also see that the use of mobile platforms as a primary infection point is becoming more popular.&#8221;<\/p>\n<p>ZDNet has reached out to Google and will update when we hear back.&nbsp;<\/p>\n<h3>Previous and related coverage<\/h3>\n<hr>\n<p><strong>Have a tip?<\/strong> Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0<\/p>\n<hr>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/31157\/PhantomLance-Spying-Campaign-Breaches-Google-Play.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":34664,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[8607],"class_list":["post-34663","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineprivacymalwarephonegooglespyware"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>PhantomLance Spying Campaign Breaches Google Play 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"PhantomLance Spying Campaign Breaches Google Play 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2020-04-28T14:39:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/phantomlance-spying-campaign-breaches-google-play.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"770\" \/>\n\t<meta property=\"og:image:height\" content=\"578\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phantomlance-spying-campaign-breaches-google-play\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phantomlance-spying-campaign-breaches-google-play\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"PhantomLance Spying Campaign Breaches Google Play\",\"datePublished\":\"2020-04-28T14:39:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phantomlance-spying-campaign-breaches-google-play\\\/\"},\"wordCount\":650,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phantomlance-spying-campaign-breaches-google-play\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/phantomlance-spying-campaign-breaches-google-play.jpg\",\"keywords\":[\"headline,privacy,malware,phone,google,spyware\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phantomlance-spying-campaign-breaches-google-play\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phantomlance-spying-campaign-breaches-google-play\\\/\",\"name\":\"PhantomLance Spying Campaign Breaches Google Play 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phantomlance-spying-campaign-breaches-google-play\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phantomlance-spying-campaign-breaches-google-play\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/phantomlance-spying-campaign-breaches-google-play.jpg\",\"datePublished\":\"2020-04-28T14:39:42+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phantomlance-spying-campaign-breaches-google-play\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phantomlance-spying-campaign-breaches-google-play\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phantomlance-spying-campaign-breaches-google-play\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/phantomlance-spying-campaign-breaches-google-play.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2020\\\/04\\\/phantomlance-spying-campaign-breaches-google-play.jpg\",\"width\":770,\"height\":578},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/phantomlance-spying-campaign-breaches-google-play\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,privacy,malware,phone,google,spyware\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineprivacymalwarephonegooglespyware\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"PhantomLance Spying Campaign Breaches Google Play\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"PhantomLance Spying Campaign Breaches Google Play 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/","og_locale":"en_US","og_type":"article","og_title":"PhantomLance Spying Campaign Breaches Google Play 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2020-04-28T14:39:42+00:00","og_image":[{"width":770,"height":578,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/phantomlance-spying-campaign-breaches-google-play.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"PhantomLance Spying Campaign Breaches Google Play","datePublished":"2020-04-28T14:39:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/"},"wordCount":650,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/phantomlance-spying-campaign-breaches-google-play.jpg","keywords":["headline,privacy,malware,phone,google,spyware"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/","url":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/","name":"PhantomLance Spying Campaign Breaches Google Play 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/phantomlance-spying-campaign-breaches-google-play.jpg","datePublished":"2020-04-28T14:39:42+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/phantomlance-spying-campaign-breaches-google-play.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2020\/04\/phantomlance-spying-campaign-breaches-google-play.jpg","width":770,"height":578},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/phantomlance-spying-campaign-breaches-google-play\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,privacy,malware,phone,google,spyware","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineprivacymalwarephonegooglespyware\/"},{"@type":"ListItem","position":3,"name":"PhantomLance Spying Campaign Breaches Google Play"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34663","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=34663"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/34663\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/34664"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=34663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=34663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=34663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}