Maikspy Spyware

Maikspy is newly observed spyware that targets users on social media and adult gaming sites. There are two known variants of this malware, targeting Google Android and Microsoft Windows devices respectively.

Both variants aim to steal information such as email addresses, banking credentials and contact information. The Android variant propagates via malicious links posted on social media which advertise a fake adult game. Once this is downloaded it displays a message telling the user the app has failed to download, however the spyware will run in the background. The Windows variant is delivered via malicious RAR files downloaded from fake adult sites. These include a .txt file requesting the user disable their anti-virus, so they can access and steal user information.

The latest Maikspy variants revealed that users contracted the spyware from hxxp://miakhalifagame[.]com/, a website that distributes malicious apps (including the 2016 adult game) and connects to its C&C server to upload data from infected devices and machines.

IP’s & Hosts To Block



hxxp://www[.]roundyearfun[.]org ( C&C address to save victims’ data )

Downloading only from legitimate app stores like Google Play can prevent Maikspy from compromising computers and mobile devices. It is also important to be aware of what apps are allowed to access, and to understand the risks before accepting any terms or granting certain permissions to apps.

One way to stay protected is to opt into Google Play Protect. It is designed to work in the background, protecting users from malicious apps in real time.

Affected Platforms

  • Microsoft Windows – All versions
  • Google Android Devices – All versions

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: