FakeSpy is Android information stealing malware that is known to have been in the wild since at least late 2017 and was initially used to target East Asian countries.Researchers have been investigating a campaign that has been sending SMS messages that contain a download link to an app. A victim would need to allow downloading of apps from third-party stores for the app to be installed. The app masquerades as a legitimate app belonging to postal and transportation services. Once installed the app will began providing information from the victim device to the its C&C servers. It will also send an SMS message containing a link to download the app, to all contacts in the device’s contact list. Cybereason notes that FakeSpy utilizes anti-emulation techniques and will behave differently if run in an emulated environment and that FakeSpy is being actively and frequently updated. The operator behind the campaigns is likely to be the Chinese threat actor group.