CallerSpy spyware masquerades as an Android chat application

Trend Micro experts discovered the CallerSpy malware, which masquerades as an Android chat application and, according to the researchers, could be part of a larger spyware campaign.

The malware targets Android users and is designed to track calls, text messages and so on.

“We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign,” write Trend Micro experts.

Researchers first noticed the threat back in May of this year, when a fake Google page advertised a chat application called Chatrious. Soon after the discovery, the page with the APK file disappeared, and the malware was spotted again only in October of this year, this time disguised as a chat application called Apex App.

Both of these applications were just a front for CallerSpy.

The malicious site hosting the CallerSpy-infected applications mimics Google, although even a quick check of the URL reveals an extra letter “o” in the Google name.

Unfortunately, in some mobile browsers this information is not always displayed and is not always noticeable. Experts note that the domain was registered in February 2019, but there is no information about its owners.
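A defender-side check for the kind of lookalike described above, as an added example that is not part of the original article or of Trend Micro's report: it flags hostnames containing a label that differs from a protected brand name only by repeated letters or by one changed character. The brand allowlist and the sample hostnames are constructed assumptions; the actual CallerSpy domain is not given on this page.

```python
"""Flag hostnames that imitate a protected brand with an extra or altered letter."""
from itertools import groupby

# Assumption: brands to protect and the domains each one legitimately uses.
# The allowlist is deliberately tiny; a real deployment would list every owned domain.
BRANDS = {"google": {"google.com"}}

# Constructed sample hostnames (reserved .example TLD), not indicators from the article.
SAMPLE_HOSTS = ["www.google.com", "gooogle.example", "g0ogle.example", "example.org"]


def collapse_repeats(label: str) -> str:
    """Reduce every run of a repeated character to one ('gooogle' -> 'gogle')."""
    return "".join(ch for ch, _ in groupby(label))


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(hostname: str):
    """Return the brand a hostname imitates, or None if it is legitimate or unrelated."""
    host = hostname.lower().rstrip(".")
    for brand, legit in BRANDS.items():
        if any(host == d or host.endswith("." + d) for d in legit):
            return None  # the genuine domain or one of its subdomains
        for label in host.split("."):
            if label == brand:
                return brand  # exact brand name on a domain the brand does not own
            if collapse_repeats(label) == collapse_repeats(brand):
                return brand  # same letters, different run lengths (the extra "o")
            if edit_distance(label, brand) == 1:
                return brand  # one inserted, dropped or substituted character
    return None


if __name__ == "__main__":
    for h in SAMPLE_HOSTS:
        print(f"{h:20} -> {lookalike_of(h) or 'ok'}")
```

Run against proxy or DNS logs, a check like this catches the extra-letter trick even when the mobile browser hides the address bar from the user.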

Although the malware is spread under the guise of chat applications, it contains no chat functionality at all; instead, it has an abundance of entirely different functions.

“CallerSpy claims it’s a chat app, but we found that it had no chat features at all and it was riddled with espionage behaviors. When launched, CallerSpy initiates a connection with the C&C server via Socket.IO to monitor upcoming commands. It then utilizes Evernote Android-Job to start scheduling jobs to steal information,” write Trend Micro researchers.

Researchers say that once downloaded and launched, the application connects to the command-and-control server and waits for further commands. At the command of its operators, CallerSpy can collect call logs, text messages, contact lists and files on the device, use the microphone to record ambient sounds, and take screenshots of any user actions. All stolen data is transmitted to the attackers.

So far, Trend Micro experts cannot say what the attackers' motives are or who the target of this malicious campaign is, since no CallerSpy infections have yet been detected among users.

Although CallerSpy is focused exclusively on Android users, the download section of the site hosting the fake chat application suggests that the attackers also plan to distribute versions for Apple and Windows. This may indicate that in the future CallerSpy will be associated with a larger malware campaign.

Polina Lisovskaya

I have worked as a marketing manager for years now and love searching for interesting topics for you.
