Maikspy Spyware

Maikspy is newly observed spyware that targets users on social media and adult gaming sites. There are two known variants of this malware, targeting Google Android and Microsoft Windows devices respectively.

Both variants aim to steal information such as email addresses, banking credentials and contact information. The Android variant propagates via malicious links posted on social media which advertise a fake adult game. Once this is downloaded it displays a message telling the user the app has failed to download, however the spyware will run in the background. The Windows variant is delivered via malicious RAR files downloaded from fake adult sites. These include a .txt file requesting the user disable their anti-virus, so they can access and steal user information.

The latest Maikspy variants revealed that users contracted the spyware from hxxp://miakhalifagame[.]com/, a website that distributes malicious apps (including the 2016 adult game) and connects to its C&C server to upload data from infected devices and machines.

IP’s & Hosts To Block

hxxp://miakhalifagame[.]com

hxxp://fakeomegle[.]com

hxxp://www[.]roundyearfun[.]org ( C&C address to save victims’ data )

107.180.46.243

198.12.155.84

198.12.149.13

Downloading only from legitimate app stores like Google Play can prevent Maikspy from compromising computers and mobile devices. It is also important to be aware of what apps are allowed to access, and to understand the risks before accepting any terms or granting certain permissions to apps.

One way to stay protected is to opt into Google Play Protect. It is designed to work in the background, protecting users from malicious apps in real time.

Affected Platforms

• Microsoft Windows – All versions
• Google Android Devices – All versions