
CallerSpy spyware masquerades as an Android chat application

Trend Micro experts have discovered the CallerSpy malware, which masquerades as an Android chat application and, according to the researchers, may be part of a large spyware campaign.

The malware targets Android users and is designed to track calls, text messages and so on.

“We found a new spyware family disguised as chat applications on a phishing website. We believe that the applications, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign”, — write Trend Micro experts.

Researchers first noticed the threat back in May of this year: a fake Google page advertised a chat application called Chatrious. Soon after the discovery, the page with the APK file disappeared, and the malware was spotted again only in October of this year, this time disguised as a chat app called Apex App.

Both of these applications were just a front for CallerSpy.

The malicious site hosting the CallerSpy-infected applications mimics Google, although even a quick check of the URL reveals an extra letter “o” in the Google name.


Unfortunately, in some mobile browsers this information is not always displayed and is not always noticeable. Experts note that the domain was registered in February 2019, but there is no information about its owners.
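The extra-letter trick described above is easy to miss by eye but simple to check mechanically, for example in a proxy or mail-gateway filter. The following Python sketch is an added example, not code from Trend Micro or the original article; the brand allowlist and the sample URLs (under the reserved `.example` TLD) are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: brands to protect, mapped to the domains that legitimately use them.
BRANDS = {"google": {"google.com"}}


def collapse_runs(text):
    """Collapse each run of a repeated character: 'gooogle' -> 'gogle'."""
    return re.sub(r"(.)\1+", r"\1", text)


def lookalike_brand(url):
    """Return the brand whose name the host imitates by adding or dropping
    repeated letters, or None if no protected brand is imitated."""
    if "://" not in url and not url.startswith("//"):
        url = "//" + url  # accept bare hostnames as well as full URLs
    host = (urlsplit(url).hostname or "").rstrip(".")  # hostname is lowercased
    for brand, legit in BRANDS.items():
        if any(host == d or host.endswith("." + d) for d in legit):
            continue  # genuine domain or one of its subdomains
        for label in host.split("."):
            for part in re.split(r"[-_]", label):
                # Same letters once repeats are ignored, but not the real name.
                if part != brand and collapse_runs(part) == collapse_runs(brand):
                    return brand
    return None


if __name__ == "__main__":
    # Constructed sample URLs, not indicators from the campaign.
    samples = (
        "https://gooogle.example/chat.apk",
        "https://www.google.com/",
        "download.gooogle.example",
        "https://example.org/google",
    )
    for sample in samples:
        print(sample, "->", lookalike_brand(sample))
```

The check only covers stretched or shortened letter runs; homoglyph and punycode lookalikes need a separate comparison.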

Although the malware spreads under the guise of chat applications, it does not actually contain any chat functionality, but has an abundance of entirely different functions.

“CallerSpy claims it’s a chat app, but we found that it had no chat features at all and it was riddled with espionage behaviors. When launched, CallerSpy initiates a connection with the C&C server via Socket.IO to monitor upcoming commands. It then utilizes Evernote Android-Job to start scheduling jobs to steal information”, — write Trend Micro researchers.

Researchers say that once downloaded and launched, the application connects to the command-and-control server and waits for further commands. On command from its operators, CallerSpy can collect call logs, text messages, contact lists and files on the device, can use the microphone to record ambient sounds, and can also take screenshots of user actions. All stolen data is transmitted to the attackers.


So far, Trend Micro experts cannot say what the attackers' motives are or what the target of this malicious campaign is, since no CallerSpy infections have yet been detected among users.

Although CallerSpy focuses exclusively on Android users, judging by the download section of the site that hosts the fake chat application, the attackers also plan to distribute versions for Apple and Windows. This may indicate that in the future CallerSpy will be associated with a larger malware campaign.
