Posted on July 8, 2017 at 2:15 PM
Another form of Android malware has been uncovered, and researchers say that its aim is to collect data from more than 40 apps. These include some of the most popular ones, such as WhatsApp, Firefox, Facebook, and Skype. The real shock, however, is that it has been around for almost two years now.
The malware was discovered by researchers from Palo Alto Networks. They named it SpyDealer after discovering that it can harvest large amounts of personal data. The data in question includes messages, call history, phone numbers, and contacts, as well as the device’s location and WiFi information.
In fact, this malware’s spying abilities allow it to record videos and phone calls, as well as audio and video from the device’s surroundings. Both the rear and front cameras can be used for taking photos, and the malware can also take screenshots of personal info and sensitive data.
For now, it is described as a very advanced form of Android malware. It can open backdoors on devices that it infects, and it does this by abusing Android’s accessibility service feature.
The analysis of this Trojan also uncovered that it does this by reusing root exploits that were also used by Baidu Easy Root, a commercial rooting app. This allows it to stay on the infected device and collect data.
It can receive special instructions from its command and control server, but also via text message. That way, the hacker or hackers responsible for dispatching it can give it detailed instructions on how to act and what to do.
Researchers also say that it is completely effective when it infects Android systems from 2.2 to 4.4. This limit exists because those are the versions supported by the rooting tool mentioned above. Although these are some of the older systems, released in 2010 and 2013, it seems that up to a quarter of Android users still run them.
That means that up to 500 million Android devices are potentially vulnerable to attacks from this malware. Its method of spreading is not yet known, but it was discovered that in China, users were infected via unsafe wireless networks.
Also, since the oldest malware activity dates back to October 2015, it would seem that the hackers behind this malware have been spying and stealing data for over a year and a half. Even worse, the malware was receiving regular updates during the entire time, and it is still getting them. The most recent one was made in May of this year.
Google was immediately notified by Palo Alto Networks, and new protections have already been delivered through Google Play Protect. Even though many of the apps that this malware targets are used mainly in China, a lot of them are also used all around the world.
The list of targeted apps includes WeChat, WhatsApp, Facebook, Skype, Viber, Tango, Line, QQ, Telegram, Tencent Weibo, Sina Weibo, Android Native Browser, Oupeng Browser, Firefox Browser, QQ Mail, Taobao, NetEase Mail, as well as Baidu Net Disk.