A new strain of mobile malware designed to steal victims' personal information by spying on calls, texts, and other communications is sneaking onto Android devices disguised as a messaging app.
Security researchers at Trend Micro identified and exposed the potential threat, which they believe is a part of a cyber espionage campaign. Smartphones are often used by attackers as a medium to deliver the payload because not only do the devices contain a significant amount of personal information but the victim also carries the device with him or her most of the time.
The perfect disguise
The malware in question is called CallerSpy and is a "Trojan", a class of malware that takes its name from the ancient Greek tale about soldiers sneaking through the gates of Troy by hiding inside a wooden horse. Just like the Greek army, some malware can slip into your device unnoticed through seemingly harmless apps that you have installed.
The folks at Trend Micro first uncovered the malware in May this year after stumbling upon a fake Google web address that promoted a chat app called Chatrious. Not long after being discovered, however, the webpage hosting the malicious Android application package (APK, the file format that Android uses to distribute and install apps) vanished into thin air.
It came back in October, this time offering a new malicious messaging app called Apex App. Although both Chatrious and Apex App were advertised as chat apps, they did not have any messaging capabilities but were instead laced with malware.
The website that hosted the fake messaging apps is designed to look like Google, down to the copyright information. However, the URL was found to have an additional "O" in Google. On mobile browsers, this information may not be displayed or be evident.
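A check of the kind a URL filter or proxy log review could apply to the lookalike address described above, as an added example that is not code from Trend Micro or this article. The hostnames are constructed (reserved `.example` TLD), `PROTECTED` and the verdict names are assumptions, and the registrable label is assumed to be the second-to-last one.

```python
# Added example: flag hostnames imitating a protected brand label.
# Assumption: the registrable label is the second-to-last one; production
# code should resolve it with the Public Suffix List instead.
PROTECTED = ("google",)  # brand labels to watch (assumed for this example)

def squeeze(label):
    """Collapse runs of one character: 'gooogle' and 'google' both give 'gogle'."""
    out = []
    for ch in label:
        if not out or out[-1] != ch:
            out.append(ch)
    return "".join(out)

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(hostname, brands=PROTECTED):
    """Return (verdict, brand); brand is None when the verdict is 'clean'."""
    labels = hostname.lower().rstrip(".").split(".")
    if len(labels) < 2:
        return ("clean", None)
    registrable, subdomains = labels[-2], labels[:-2]
    for brand in brands:
        if registrable == brand:          # the brand's own label, not a lookalike
            return ("exact", brand)
        if squeeze(registrable) == squeeze(brand):   # extra or dropped repeat
            return ("repeated-letter", brand)
        if edit_distance(registrable, brand) <= 1:   # single-character typo
            return ("near-miss", brand)
        if brand in subdomains:           # brand used as a subdomain elsewhere
            return ("brand-in-subdomain", brand)
    return ("clean", None)

if __name__ == "__main__":
    # Constructed hostnames under the reserved .example TLD.
    for host in ("www.google.example", "gooogle.example", "googie.example",
                 "google.login.example", "weather.example"):
        print(f"{host:24} {classify(host)}")
```

The "exact" verdict only means the label matches the brand; whether the domain actually belongs to the brand owner has to be decided against an allowlist of its real domains.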
What is it capable of?
Once CallerSpy tricks users into downloading the chat app and launching it, it automatically connects to a command-and-control server, which then tells it what to do. This includes stealing call logs, text messages, contacts, photos, videos and other files on the device.
CallerSpy also has the ability to manipulate the device's microphone to record audio of its surroundings and take screenshots of user activity. All of the above-mentioned information is then uploaded to the main server from time to time. While the malware currently targets only Android users, the download section of the fake Google website suggests there will be Apple and Windows versions of the fake chat apps in the future as well.
How to protect your device?
Researchers advise installing security software on your smartphone that can protect against attacks that exploit vulnerabilities, prevent unauthorized access to apps, and detect and block malware and fraudulent websites. Users can also keep their devices safe by being careful about where they download apps from: download them only from official app marketplaces like the Google Play Store.