Monday 10 July 2017

Part 1: What if your android applications spy your communications?

What if you came to know that an application on your phone is able to spy on you, steal your data, or automatically answer incoming phone calls from a specific number? Just imagine the consequences of such a scenario, which we came across recently. Yes, you heard it right: on your own Android phone, a malware has sneaked in, gained root privilege, and used it to steal data from all your applications.

Palo Alto Networks' researchers recently discovered an advanced Android malware, named 'SpyDealer', which reportedly exfiltrates private data from over 40 apps. The trojan steals messages from communication apps by abusing the Android accessibility service feature, and it leverages exploits from a commercial rooting app called Baidu Easy Root to gain root privileges and maintain persistence on the target.

The 40 popular apps the malware targets include WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Browser, QQ Mail, NetEase Mail, Taobao and Baidu Net Disk. The mobile malware only works on Android versions from 2.2 up to 4.4 (roughly 25% of all Android devices), since those are the versions supported by the rooting tool. Once installed, the malware registers two broadcast receivers to listen for events related to the device booting up and to network connection status changes. Even when the malware is not able to root the device, it is still able to steal a significant amount of sensitive data.
According to the researchers, SpyDealer can harvest an exhaustive list of personal information, including phone number, IMEI, IMSI, SMS, MMS, contacts, accounts, phone call history, location and connected Wi-Fi information. It can also automatically answer incoming phone calls from a specific number. The trojan can also spy on a user by recording phone calls and the surrounding audio and video, and it can take photos as well as screenshots using both the front and rear cameras of the device. Attackers can remotely control the infected Android device via UDP, TCP and SMS channels. Palo Alto Networks believes the malware is under active development; the researchers have already detected 1,046 samples of SpyDealer belonging to at least three different variants.
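As an added defender-side example, not code from the original post or from Palo Alto Networks' report, the Android snippet below audits the two capabilities described above: enabled accessibility services belonging to non-system apps, and whether those same apps hold the permission needed to register a boot-completed receiver. It assumes API level 18 or higher (for `getPackagesHoldingPermissions`) and an app `Context` to run from; the class and method names are my own.

```java
import android.accessibilityservice.AccessibilityServiceInfo;
import android.content.Context;
import android.content.pm.ApplicationInfo;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.view.accessibility.AccessibilityManager;
import java.util.ArrayList;
import java.util.List;

/** Hypothetical audit helper: lists third-party accessibility services that are
 *  currently enabled and notes which of their packages can auto-start at boot. */
public final class AccessibilityAudit {

    public static final class Finding {
        public final String packageName;
        public final String serviceId;
        public final boolean canStartOnBoot;
        Finding(String p, String s, boolean b) { packageName = p; serviceId = s; canStartOnBoot = b; }
        @Override public String toString() {
            return packageName + " service=" + serviceId + (canStartOnBoot ? " [boot receiver]" : "");
        }
    }

    public static List<Finding> audit(Context ctx) {
        PackageManager pm = ctx.getPackageManager();
        AccessibilityManager am =
            (AccessibilityManager) ctx.getSystemService(Context.ACCESSIBILITY_SERVICE);
        List<Finding> findings = new ArrayList<>();
        if (am == null) return findings;

        // Packages holding RECEIVE_BOOT_COMPLETED may register a BOOT_COMPLETED receiver (API 18+).
        List<PackageInfo> bootPkgs = pm.getPackagesHoldingPermissions(
            new String[] { android.Manifest.permission.RECEIVE_BOOT_COMPLETED }, 0);

        for (AccessibilityServiceInfo info :
                am.getEnabledAccessibilityServiceList(AccessibilityServiceInfo.FEEDBACK_ALL_MASK)) {
            if (info.getResolveInfo() == null) continue;
            ApplicationInfo app = info.getResolveInfo().serviceInfo.applicationInfo;
            // System-signed services (e.g. the platform screen reader) are out of scope here.
            if ((app.flags & ApplicationInfo.FLAG_SYSTEM) != 0) continue;
            boolean boot = false;
            for (PackageInfo p : bootPkgs) {
                if (p.packageName.equals(app.packageName)) { boot = true; break; }
            }
            findings.add(new Finding(app.packageName, info.getId(), boot));
        }
        return findings;
    }
}
```

An empty list is the expected result on a clean device; any entry deserves a look at what the package does with the accessibility events it receives.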

The good news is that SpyDealer isn't distributed through the official Google Play store; the malware experts observed Chinese users being infected through compromised wireless networks. Though the trojan came to light only recently, researchers have traced its activity back as far as October 2015. Also, at this point, the malware can only gain root on devices running Android 4.4 KitKat and older, which means some 25% of the Android OS' total user base. On devices running later versions of Android, it can still steal significant amounts of information, but it cannot take actions that require higher privileges.
