New Android Malware Targets Facebook, WhatsApp, WeChat And 40 Other Apps
Beware smartphone users as some of the most popular social apps and browsers are being targeted by a new Android malware that can steal data from over 40 popular apps. The targeted apps and browsers include Facebook, WhatsApp, Skype, Telegram, WeChat, Line, Viber, QQ, Tango, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Brower, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk.
Dubbed as โSpyDealer, this advanced form of Android malware was first discovered by cyber-security company Palo Alto Networks. According to the researchers, SpyDealer can harvest an exhaustive list of personal information including phone number, IMEI, IMSI, SMS, MMS, contacts, accounts, phone call history, location and connected Wi-Fi information. It can also automatically answer incoming phone calls from a specific number, track a deviceโs location, and record images and audio. Further, it can tap into phone calls and videos, take photos with both the front and rear camera, and screenshots that can capture personal information.
Apparently, the SpyDealer malware is effective only on devices that are running older Android operating systems, specifically between versions 2.2 Froyo and 4.4 KitKat. This means that 25% of the active Android devices worldwide are still running on these versions. With two billion active Android devices, that potentially means 500 million Android devices are vulnerable to having sensitive data stolen by these malware.
SpyDealer is able to open a backdoor onto compromised devices by abusing a commercially available Android Accessibility Service feature to root phones into providing superuser privileges. To do so, the malware roots the device using the Baidu Easy Root, a third-party commercial app that is usually used to jailbreak a device. Besides this, the SpyDealer malware can also remotely control the device via UDP, TCP, and SMS channels.
Until now there is no evidence of how devices were initially infected with the malware.
โWe do not know exactly how devices are initially infected with SpyDealer, but have seen evidence to suggest Chinese users become infected through compromised wireless networks,โ said Wenjun Hu, Cong Zheng and Zhi Xu in a blog post.
Even though this malware was just discovered, researchers have traced its activity of infecting devices to as far as October 2015. It appears that SpyDealer is still actively updating the malware, with three versions of the malware spotted in the wild. The most recent sample observed by researchers was created in May 2017.
Experts believe the malware codenamed โGoogleUpdateโ or โGoogle Serviceโ was not spread through the Google Play store. Instead, the malware is being distributed through third-party app stores. Meanwhile, Google has been notified of the malware who have already taken necessary measures through Google Play Protect to resist the threat.
Source: Gadget 360