Friday, 23 March 2018

SpyDealer takes control of Android phones and steals information from encrypted messaging apps

An Android malware that exfiltrates information from more than 40 communication apps, including WhatsApp, Facebook and Skype, has been detected by Unit 42, Palo Alto Networks’ threat intelligence department.

‘SpyDealer’ steals messages and other personal data, like contact details, by exploiting the Android accessibility service. It is also able to record calls and the surrounding audio and video, as well as monitoring the device’s location and taking photos using the cameras. The malware roots the device and maintains persistence using the Baidu Easy Root app.

Many of the apps that SpyDealer steals information from use end-to-end encryption. To get around this, the malware authors implemented an additional use of the accessibility service to take plain messages by directly extracting texts from the screen, using the root privilege.

At present, the malware is not being distributed through the Google Play Store, and its existence has been reported to Google. Unit 42 is uncertain exactly how it is infecting users, though it has seen evidence suggesting that SpyDealer is using compromised wireless networks in China. All of the 88 command and control servers that Unit 42 has observed SpyDealer using are in China, bar 3 in the USA.

Mitigating the threat somewhat, the malware is only fully effective against devices running older versions of Android (2.2 to 4.4), as those are the only ones supported by Baidu Easy Root. SpyDealer can still affect newer Android devices and steal data, though it can't take actions that need higher privileges.

Unit 42 has found more than 1,000 samples of SpyDealer in the wild to date (most using the app name ‘GoogleService’ or ‘GoogleUpdate’). The first sample was seen in October 2015 and the latest in May 2017. The organisation has tracked 3 separate versions – suggesting that the malware is still under development. See Unit 42’s full analysis of the software here.
