PhoneSpy malware
Data theft and clandestine camera streams: Scary Trojan horse leaves Android users exposed
Time and again, Google struggles with security problems in its Android smartphone system. Now a particularly curious Trojan has been discovered.
Monitoring the location, reading text messages or stealing bank data: Even on smartphones, users are increasingly struggling with malware that targets their sensitive data. With PhoneSpy, a new Trojan has now been discovered that is so data-hungry and powerful that it leaves the owners of infected Android smartphones almost completely exposed to the hackers.
The campaign was discovered by the experts at Zimperium. The company explains in a blog post that the new malware was discovered by chance during routine examinations. Only during the investigation did it become clear that the program tried to access virtually all of the data it could get, including live streams from the microphone or camera.
Spy on the home screen
The app doesn’t even work in the background. “PhoneSpy is hiding right in front of our eyes,” explains the post. Instead of sneaking onto the smartphone through a back door, PhoneSpy disguises itself as a completely normal app, for example for yoga training or live streaming of TV channels. “In reality, the app steals data, messages, photos and remotely takes control of the smartphone.”
Once installed on the device, the app tries to get a lot of permissions from the user, such as access to the camera and data storage. Because legitimate apps also make such requests, they are likely to be granted often. The list of what the app can actually do is long. PhoneSpy can, among other things:
- Read SMS messages and send them on command from the people behind it, without the user noticing anything
- Access images, data and documents
- Monitor the location via GPS
- Monitor phone calls
- Take over the cameras and microphones and transmit both individual recordings and live streams
- Prevent the deletion of the app by hiding it from menus and the app drawer
- And last but not least, steal login data with fake login screens; attempts are known for Instagram and Facebook, for example.
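As an added illustration (not code from Zimperium or from the original article), the following script audits a decoded `AndroidManifest.xml` for permission combinations that cover several of the capabilities listed above. The mapping of capabilities to standard Android permission names, the threshold and both sample manifests are assumptions constructed for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the capabilities in the list above to standard Android
# permission names; it is NOT taken from the Zimperium report.
CAPABILITY_PERMISSIONS = {
    "read and send SMS": {P + "READ_SMS", P + "SEND_SMS"},
    "access stored files": {P + "READ_EXTERNAL_STORAGE"},
    "track location": {P + "ACCESS_FINE_LOCATION"},
    "monitor phone calls": {P + "READ_PHONE_STATE", P + "READ_CALL_LOG"},
    "camera and microphone": {P + "CAMERA", P + "RECORD_AUDIO"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared via <uses-permission>."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def audit(manifest_xml, threshold=3):
    """Flag a manifest for manual review when its permissions cover at least
    `threshold` (an arbitrary, assumed cut-off) of the capabilities above."""
    perms = requested_permissions(manifest_xml)
    hits = {cap: sorted(perms & wanted)
            for cap, wanted in CAPABILITY_PERMISSIONS.items() if perms & wanted}
    return {"capabilities": hits, "review": len(hits) >= threshold}

def _manifest(package, permissions):
    """Build a constructed sample manifest for the demo below."""
    lines = "".join('<uses-permission android:name="%s%s"/>' % (P, p)
                    for p in permissions)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            'package="%s">%s</manifest>' % (package, lines))

# Constructed samples: a "yoga" app asking for far more than it needs,
# and a camera app asking only for what its function requires.
SAMPLE_YOGA = _manifest("com.example.yoga", ["INTERNET", "READ_SMS", "SEND_SMS",
                        "CAMERA", "RECORD_AUDIO", "ACCESS_FINE_LOCATION",
                        "READ_EXTERNAL_STORAGE"])
SAMPLE_CAMERA = _manifest("com.example.camera", ["INTERNET", "CAMERA"])

if __name__ == "__main__":
    for name, sample in (("yoga", SAMPLE_YOGA), ("camera", SAMPLE_CAMERA)):
        print(name, audit(sample))
```

A flagged manifest is only a prompt for manual review: as the article notes, legitimate apps request the same permissions, so the signal is the mismatch between an app's stated purpose and the breadth of what it asks for.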
Who is behind it?
The good news: So far, there has been no evidence that the camouflaged apps reached smartphones through official channels. During checks, the malicious code was not found in any of the well-known app platforms such as Google’s Play Store or the Amazon Appstore, the discoverers said, giving the all-clear. They suspect that the victims are being lured by prepared links to download the apps, but do not go into any further detail. It is also possible that the app is distributed to the victims’ contacts via the function without the victims’ knowledge.
All of the almost 1,000 known pieces of information were discovered in South Korea, and the infected apps were also in the local language, the report says. However, it cannot be ruled out that variants of the software could also be used for attacks in other parts of the world. The stolen data ranged from personal photos to company documents. Because the danger for companies and authorities was considered to be the greatest, the law enforcement authorities in South Korea and also in the USA were informed.
The experts do not express any suspicion as to who might be behind the campaign. However, PhoneSpy is strikingly reminiscent of the Pegasus espionage software from the Israeli NSO Group that was exposed in the summer of this year. It had been used, among other things, to monitor journalists and political activists. The US government has just imposed an export ban on the software.
Source: Zimperium