> 1,000 Android Phones Found Affected By Terrible New Spyware
More than 1,000 Android users have been exposed to newly discovered malware that secretly records audio and video in real time, downloads files and performs a variety of other surveillance activities.
In total, researchers uncovered 23 apps that secretly installed the spyware, which researchers at security firm Zimperium are calling PhoneSpy. The malware offers a full range of capabilities, including printing and stealing documents, transferring GPS location data, modifying Wi-Fi connections, and using overlay attacks to steal passwords for Facebook, Instagram, Google, and the Kakao Talk messaging application.
Zimperium researcher Aazim Yaswant wrote, “These malicious Android apps are designed to run silently in the background, without a doubt constantly spying on their victims.” “We believe that the malicious actors responsible for PhoneSpy have gathered a considerable amount of personal and corporate information about their victims, including private communications and photos.”
So far, all known victims are located in South Korea, but Zimperium has not ruled out the possibility that people in other countries are being targeted. Researchers have not yet determined whether there is a link between the victims. Because PhoneSpy is capable of downloading contact lists, it is possible that the victims know each other or are otherwise connected through work or other affiliations.
The image that emerges from Zimperium’s analysis is that of a modern and mature spyware package with a wide range of features. Wednesday’s analysis said:
The mobile application acts as an advanced remote access Trojan (RAT) threat to Android devices, receiving commands to collect and extract large amounts of data and perform various malicious operations, such as:
- Complete list of installed applications
- Steal credentials using phishing.
- Steal photos.
- GPS location monitoring
- Steal SMS messages.
- Steal phone contacts.
- Steal call logs.
- Record audio in real time.
- Record video in real time using front and rear cameras.
- Access the camera to take pictures using front and rear cameras.
- Send SMS with attacker controlled text to phone number controlled by attacker.
- Extract device information (IMEI, brand, device name, Android version)
- Hide its presence by hiding the icon from the device’s drawers / menus.
When infected, the victim’s mobile device will share accurate GPS location data, photos and communications, contact lists, and downloaded documents with the command and control server. Like the other mobile spyware we’ve seen, the data stolen from these devices can be used for personal and corporate blackmail and espionage. Malicious actors can then create notes on the victim, download any stolen material, and gather intelligence for other nefarious purposes.
Zimperium did not find any evidence that any of the apps were available in Google Play or third-party app marketplaces. Researchers suspect that the PhoneSpy apps are being distributed through web traffic redirection or social engineering, but did not elaborate.
These capabilities are similar to those of Pegasus, the malware that the Israeli developer NSO Group sells to governments around the world to spy on criminals, terrorists, and, most often, offenders, lawyers, and other people in countries with oppressive regimes. Last week, the Biden administration banned the export, re-export, and in-country transfer of NSO malware.
Unlike Pegasus, which installs itself using “zero-click” exploits for either iOS or Android, PhoneSpy infects targets by posing as a legitimate app for learning yoga, viewing pictures, watching TV, or similar activities.
Zimperium has no details on who is behind PhoneSpy. The campaign was active until Wednesday morning. As always, Android users should be wary of apps, especially when they are being distributed by unknown developers through third-party markets.