SpyC23

Description

(SentinelLabs) The Arid Viper group has a long history of using mobile malware, including at least four Android spyware families and one short-lived iOS implant, Phenakite. The SpyC23 Android malware family has existed since at least 2019, though shared code between the Arid Viper spyware families dates back to 2017. It was first reported in 2020 by ESET in a campaign where the actor used a third-party app store to distribute weaponized Android packages (APK). That campaign featured several apps designed to mimic Telegram and Android application update managers.

Names

Name
SpyC23

Type

Backdoor
Info stealer
Downloader
Exfiltration

Information

https://www.sentinelone.com/labs/arid-viper-apts-nest-of-spyc23-malware-continues-to-target-android-devices/
https://www.welivesecurity.com/2020/09/30/aptc23-group-evolves-its-android-spyware/

Mitre Attack

https://attack.mitre.org/software/S1195

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/apk.spyc23

Other Information

Uuid

db9dd5bc-425f-4dfe-ace8-a0e62afbb1f3

Last Card Change

2025-06-28

Threat Intelligence Garden

Explorer

SpyC23

SpyC23

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks