Slashdot Mirror

← Back to Stories (view on slashdot.org)

A Powerful New Android Spyware Targets Business Executives (helpnetsecurity.com)

Posted by EditorDavid on from the exploits-for-executives dept.

Orome1 quotes HelpNetSecurity: "Researchers from mobile security outfit Skycure have recently analyzed a malicious app they found on an Android 6.0.1 device owned by a vice president at a global technology company. The name of the malicious package is 'com.android.protect', and it comes disguised as a Google Play Services app. It disables Samsung's SPCM service in order to keep running, installs itself as a system package to prevent removal by the user (if it can get root access), and also hides itself from the launcher." The spyware is able to collect chats and messages sent and received via SMS, MMS, and popular email and IM apps; record audio and telephone calls; collect pictures and take screenshots; collect contacts, browser histories, the contents of the calendar, and so on.
According to the article, "chances are someone took advantage of the physical access they had to the device to do the dirty deed."

18 comments

  1. thank God by Anonymous Coward · · Score: 0

    I am poor working slave majority

  2. I'm one of the targeted by Anonymous Coward · · Score: 0

    All they are going to get is maybe some of the people I communicate with and a bit of BitCoin (don't store anything of significance on my phone at any given time, just enough for food and such things at local businesses).

  3. Original Article by Anonymous Coward · · Score: 0

    https://www.skycure.com/blog/exaspy-commodity-android-spyware-targeting-high-level-executives/

    1. Re:Original Article by Anonymous Coward · · Score: 1

      so a security firm found ONE app, with a stock RAT and it's now a major security alert! there are literally thousands of malware samples uploaded on virustotal each day that will blow their minds

    2. Re:Original Article by ArmoredDragon · · Score: 1

      Yeah, and not newsworthy either. Android is basically the only platform that even permits antivirus type apps, and some companies are in the business of security theater, so they love to make you think your device is insecure so that you'll pay money for them to put on a show. Only thing is, even in the case of Android, there's just no comparison at all to the PC days of big malware infections -- the security model is just vastly improved, and Google does all of the "virus scanning" you need before you download the app, and even after you've downloaded it if something is found, you'll be aware. You literally have to go out of your way to get malware.

    3. Re:Original Article by Anonymous Coward · · Score: 1

      Google can't even get app developers to set the appropriate permissions for their apps. I saw a frickin stopwatch app that required access to the microphone and the address book.

      Their sandbox model is broken. Also the way they inform you of the permissions an app requires before you install it through the play store is very sneaky.

  4. i know the source by Anonymous Coward · · Score: 1

    it was made by a brazilian office named reweb or any shit from squaregroup. they support organized crime and drug smuggling on brazil.

  5. So it's like the stock phone software, then? by Anonymous Coward · · Score: 1

    "The spyware is able to collect chats and messages sent and received via SMS, MMS, and popular email and IM apps; record audio and telephone calls; collect pictures and take screenshots; collect contacts, browser histories, the contents of the calendar, and so on."

    This is exactly what they can already do. I refuse to speak whenever there is a surveillance device in the same room, even.

    1. Re:So it's like the stock phone software, then? by Anonymous Coward · · Score: 0

      You must be fun at parties

  6. Say no to employer apps by bigbang137 · · Score: 4, Insightful

    And this is why you never install anything proprietary offered by your employer - you never know what spyware is bundled in it. Especially if you work for a big organization, your corporate upper management is the one most likely to want to you spy on you. I take this very seriously.

    1. Re:Say no to employer apps by bigbang137 · · Score: 1

      If they really need an app installed, let them provide their own device for it. Assuming you cover the camera, that too can at least record audio.

  7. Skycure app for Android by bigbang137 · · Score: 1

    Crowdsourcing malware detection app: https://play.google.com/store/...

  8. Android is a spyware in itself by Anonymous Coward · · Score: 0

    Android is a spyware in itself

  9. Give me a break by Anonymous Coward · · Score: 0

    Android, itself, is spyware. Why do you think a huge advertising company bought it in the first place?

  10. Old news by penguinoid · · Score: 2

    The spyware is able to collect chats and messages sent and received via SMS, MMS, and popular email and IM apps; record audio and telephone calls; collect pictures and take screenshots; collect contacts, browser histories, the contents of the calendar, and so on.

    Sounds to me like pretty much what a standard phone OS does, except the OS is more advanced and doesn't need screenshots. I guess it's malware because it shares the information with the wrong person?

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  11. Didn't you hear? by Ol+Olsoc · · Score: 0

    Google says Android is secure.

    --
    The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    1. Re: Didn't you hear? by Anonymous Coward · · Score: 0

      This needs root access to do half of what it does. It would make no difference if it was iPhone

    2. Re:Didn't you hear? by Ol+Olsoc · · Score: 1
      While some tools decided that I was issuing flame bait or trolling, I was merely reporting the truth, and referenced in this slashdot story:

      https://apple.slashdot.org/sto...

      Theer truth is a dangerous and powerful thing. Crush the fuck out of it as it must be destroyed. Mod this post down to show that you prefer the lies that make you comfortable. Do it - you will feel much better.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.