Newly discovered malware has infected more than 1000 Android users. The spyware secretly records audio and video in real time, can download files, and performs a variety of other spying activities.
Researchers identified a total of 23 apps that secretly installed the new spyware. The researchers, from security firm Zimperium, named the spyware PhoneSpy.
The malware has a series of dangerous capabilities, including secretly listening to conversations, stealing documents, transmitting GPS location data, modifying Wi-Fi connections, and running overlay attacks against Facebook, Instagram, Google, and the Kakao Talk messaging application to steal passwords.
“These malicious Android apps are designed to run silently in the background, constantly spying on their victims without raising any suspicion,” Zimperium researcher Aazim Yaswant stated. “We believe the malicious actors responsible for PhoneSpy have gathered significant amounts of personal and corporate information on their victims, including private communications and photos.”
So far, all the known victims are in South Korea. However, Zimperium did not claim that people in other countries aren’t being targeted, so the malware may be affecting devices in other countries as well.
Because PhoneSpy can download users’ contact lists, the researchers are trying to find a connection between the victims. The targeted people may know each other or be connected in some other way, such as through work.
What the new spyware can do
The following details come from Zimperium’s analysis, which describes an advanced, mature, full-featured spyware package. Wednesday’s analysis said:
“The mobile application poses a threat to Android devices by functioning as an advanced Remote Access Trojan (RAT) that receives and executes commands to collect and exfiltrate a wide variety of data and perform a wide range of malicious actions, such as:
- Complete list of the installed applications
- Steal credentials using phishing
- Steal images
- Monitoring the GPS location
- Steal SMS messages
- Steal phone contacts
- Steal call logs
- Record audio in real-time
- Record video in real-time using front & rear cameras
- Access camera to take photos using front & rear cameras
- Send SMS to attacker-controlled phone number with attacker-controlled text
- Exfiltrate device information (IMEI, Brand, device name, Android version)
- Conceal its presence by hiding the icon from the device’s drawer/menu
Upon infection, the victim’s mobile device will transmit accurate GPS locational data, share photos and communications, contact lists, and downloaded documents with the command and control server. Similar to other mobile spyware we have seen, the data stolen from these devices could be used for personal and corporate blackmail and espionage. The malicious actors could then produce notes on the victim, download any stolen materials, and gather intelligence for other nefarious practices.”
Zimperium’s investigation found no evidence that the apps were available in Google Play or third-party app marketplaces. The researchers speculate that the attackers are distributing the PhoneSpy apps through web traffic redirection or social engineering.
The capabilities of the new spyware are similar to those of Pegasus, malware that Israeli developer NSO Group sells to governments across the globe so that they can spy on criminals, terrorists, or other people in order to stop crimes.
Zimperium currently has no information about who the attackers behind this spyware are. In the meantime, Android users should stay away from unknown and dubious third-party apps.