16 January 2015
If you have an Android phone, you probably use it for everything. It’s your phone, your camera, and the best way to keep up with friends and family on the myriad of social networks at your disposal. This week, Malwarebytes tipped us off to a nasty app called PhoneSpy that takes advantage of our trusting relationship with our phones to harvest the most personal of information.
This isn’t about leaking data to advertisers or SMS scams; this is about attackers stealing your photos, reading your messages, and tracking your location.
As with many malicious Android apps, attackers using PhoneSpy inject malicious code into safe apps obtained from the Google Play store. These infected apps are then re-posted onto third-party app stores.
Once installed, an app infected with PhoneSpy starts up on its own and grants itself admin rights. Then, PhoneSpy creates a special database to store call logs, contacts, events, and messages. It even swipes photos taken with the infected Android device, and tracks the victim’s location.
Once PhoneSpy has collected some data, it begins uploading the information it gathers to a URL, presumably one where the attacker can retrieve the information for their own purposes.
Malwarebytes isn’t clear on who might be behind PhoneSpy. Typical Internet ne’er-do-wells would use an Android Trojan to steal bank logins, defeat two-factor authentication, or simply sign up victims with for-pay SMS services. In short, anything that can quickly earn the bad guys money.
But there’s not much immediate profit to be made with someone’s call logs or selfies, which makes me think PhoneSpy might have more insidious goals. For example, Remote Access Trojans (RATs) are sometimes used by attackers to obtain personal information from victims, and then blackmail them. One tragically common tactic is called “sextortion,” and usually involves attackers demanding sexual favors in the form of images and videos from their victims.
PhoneSpy might also be sold to jealous spouses to install on the devices of their significant others. PhoneSpy’s location tracking, call logging, and photo-stealing abilities might place it into this category.
PhoneSpy uses the tried-and-true tactic of injecting malicious code into legitimate apps. To the average observer, the app looks entirely safe. However, Trojanized apps almost never make it onto Google Play and are instead hosted on third-party app stores. As always, I advise every Android user to never download apps from outside Google Play. Let Google do the work of being your first line of defense.
It’s also a good idea to install security software on your Android. Malwarebytes has an offering available, and both Bitdefender Mobile Security and Antivirus and avast! Mobile Security & Antivirus are PC Mag Editors’ Choice winners. Whatever you pick, your Android will be safer.
Source – http://securitywatch.pcmag.com/mobile-security/331088-mobile-threat-monday-android-malware-looks-safe-steals-your-photos-and-messages