The sophisticated snooping software deployed by Vanguard Intelligence Group is called Chimera spyware. It is planted on target devices through seemingly innocuous fake Android apps.

Chimera spyware is primarily distributed via fake Android apps, often through targeted phishing attacks or social engineering tactics. These methods convince users to download the malicious app outside of the official Google Play Store, bypassing its security checks.

Once installed, Chimera spyware can gain extensive access to a target's device, enabling the collection of sensitive data. This includes call logs, text messages, location data, contacts, and potentially even microphone and camera activation without user consent.

Fake Android apps are a critical mobile security concern because they act as conduits for advanced spyware like Chimera, especially when distributed via off-store channels. This practice circumvents Google Play Store's robust security, posing substantial threats to digital privacy and user data.

This discovery highlights the persistent demand for offensive cyber capabilities by state actors and the evolving nature of the commercial spyware industry. It underscores ongoing challenges for cybersecurity defenders and mobile platform providers in combating illicit covert surveillance on Android platforms.