Researchers recently discovered a new Android malware that finds sensitive information on devices and sends it to hacker-controlled servers.
The malware disguises itself as a system update that users must download from a third-party store, according to researchers from Zimperium. The app is actually a remote-access trojan (RAT) that receives and executes commands from a command-and-control server. The malware has a full range of capabilities, including stealing messages, inspecting internet bookmarks and search history, recording audio and phone calls, taking pictures through the front and rear cameras, monitoring GPS location, and more.
The list of messenger programs the app can steal from includes WhatsApp, which has over a billion users and promises greater security and encryption than other programs. One thing to note is that the malware only gets total control if it has root access to the device.
If the app doesn’t get the root access it needs, it can still collect information, including conversation history. It does this by tricking victims into enabling Android accessibility services. These services are built into the OS and make it easier for people with disabilities such as color blindness to use their devices. They include features such as modified displays and text-to-voice feedback. With accessibility services enabled, the app can scrape the WhatsApp screen and still collect some information.
Another function of the app is stealing files from external storage devices. Because heavy bandwidth usage could tip off the victim that something is wrong, the app collects thumbnails to reduce it. The malware sends the data to hackers when the device connects to Wi-Fi, and sends a reduced data package over mobile connections.
While the app has every spying feature a malware program could want, it has one fatal flaw: it can’t infect devices without first tricking the user into making a decision, and it is one that most experienced users won’t make. You have to download an app from a third-party site. While the Google Play Store isn’t perfect, it is generally accepted as a relatively trustworthy place to download apps.
Google declined to comment on the situation but did expressly state the app was never available on the official Play Store.