LightSpy APT Attacking WeChat Users to Steal Payment Data

The LightSpy malware, linked to the state-sponsored group APT41, is targeting iOS users in Hong Kong via the WeChat payment system to access data, monitor communications and conduct other malicious activities. The malware’s 14 Android plugins include location tracking, recording audio and accessing payment history from WeChat Pay, among other functions.