Researchers at Trend Micro have uncovered a new mobile malware that is “riddled with espionage features.”
Trend Micro researchers discovered the trojan malware, CallerSpy, in May on a phishing website that was advertising the chat app “Chatrious.” However, soon after being found, the website became inactive for months.
In October, the website returned, this time hosting a different chat app called “Apex App.” Researchers identified this as a spyware family that steals users’ personal information.
According to researchers, CallerSpy claims to be a chat app, but no chat features were identified. Instead, it was “riddled with espionage behaviours.”
Once it is downloaded and launched, a connection with the Command & Control server is initiated to monitor upcoming commands. CallerSpy then uses Evernote Android-Job to start scheduling jobs to steal information.
CallerSpy’s capabilities include collecting call logs, text messages, contacts, and files on the device. In addition, it can record audio, track an infected device’s location, and take screenshots and send them to the command and control server.
Researchers explained that the malicious domain masquerades as Google, even including copyright details at the bottom of the website, to trick users into downloading the app.
The domain was registered in February, but it remains unknown who is responsible for setting it up. It is believed that CallerSpy is part of a targeted cyber-espionage campaign, although the motive behind it is unclear.
Currently, there is evidence to show that CallerSpy is designed to target Android users.
“So far, our monitoring has not found any volume infection, which could mean that the threat actor may be waiting for a chance to spread the malware,” wrote Trend Micro.
Android users are recommended to install security software onto their phones to protect themselves from attacks.