WyrmSpy and DragonEgg: Lookout Attributes Android Spyware to China’s APT41 | Threat Intelligence

www.lookout.com

Summary
- Lookout attributes WyrmSpy and DragonEgg to the infamous Chinese espionage group APT41, which has not slowed down since recent indictments by the U.S. government.
- APT41 is known to target a wide range of public and private sector organizations, including nation-state governments, software development companies, computer hardware manufacturers, telecommunications providers, social media companies, and video game companies.
- An established threat actor like APT41 turning their focus to mobile devices shows that mobile endpoints are high-value targets with coveted data.
- WyrmSpy and DragonEgg use modules to hide their malicious intentions and avoid detection.
- WyrmSpy and DragonEgg were first reported to Lookout Threat Intelligence Services subscribers in October 2020 and January 2021, respectively, in full write-ups that included IOCs, YARA rules, and additional threat analysis.