APT / THREAT GROUP
Shopper
3 aliases
Last seen: Mar 17, 2026
Intelligence Profile
Shopper/LeifAccess is a malicious Android app that uses Android's AccessibilityService to secretly control the device. It installs apps, leaves fake reviews, opens ads, and even registers users on various platforms. Disguised as a system app, it collects personal and device information and sends it to remote servers. The malware was most active in late 2019, especially in Russia, Brazil, and India.
Threat Analysis
Shopper is a known-sophistication threat actor of undetermined national origin; its primary motivation and activity patterns are unknown.
Intelligence Reports Mentioning Shopper
Ukraine probes teen suspect in cyber theft scheme targeting California online shoppers
The Record · May 20, 2026
Congressman launches inquiry into how food retailers use surveillance pricing
The Record · May 12, 2026
External References
Quick Facts
Type: APT / Threat Group
Aliases: 3
Also Known As
Shopper, LeifAccess, apk.shopper
External Intelligence
Malpedia: apk.shopper
Research Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.