New Android malware disguised as Chat App


A new form of mobile malware created to snoop on calls, texts and other communications is targeting Android users by tricking them into downloading a fake chat application.

The trojan malware which has been named CallerSpy, was discovered and detailed by cybersecurity researchers at Trend Micro. They believe that the malware attacks are part of a cyber espionage campaign.

Smartphones have always been a useful target for attackers who aims at cyber espionage because, these devices contain large amounts of information and is also present with the target all the time.

Initially the researchers discovered this threat in May when they found a fake Google web address advertising a chat app called Chatrious. But soon after being discovered, the page hosting the malicious Android application package (APK) file disappeared.

Later it came back in October, but was hosting a new malicious chat application called Apex App. Similar to Chatrious, this is a front for CallerSpy malware.

In spite of being advertised as a chat application, the CallerSpy apps does not contain any chat capabilities, but are riddled with espionage features.

Once downloaded and launched, it will connect to a command-and-control server that the malware takes orders from as it goes about snooping on the device.

The malicious capabilities of CallerSpy include collecting all call logs, text messages, contact lists and files on the device, the ability to use the phone’s microphone to record audio of its surroundings, as well as being able to take screenshots of user activity. All of the stolen data is periodically uploaded to the crooks.

The malicious website hosting CallerSpy malware downloads is designed to look like Google, complete with copyright information. But if you take a closer look, the URL shows the address has one more O in Google than it should be. But on some mobile browsers, this information won’t always be displayed or clear.

According to the researchers those who are behind it has set up the CallerSpy distribution page as the initial phase of a targeted cyber-espionage campaign. However, it is not clear of the actual motive of the attacker or who they’re trying to target as there’s no indications of infections being discovered in the wild yet.

At present there is evidence of CallerSpy being built to target Android, but the download section of the website hosting the false chat app suggests that they have plans to distribute Apple and Windows versions as well.  

All the users are highly recommended to install security software on phones to protect against attacks. The users can keep themselves safe being aware of what they download and by ensuring their device is patched and up to date.

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    StrandHogg vulnerability affects Android OS

    Previous article

    Avast and AVG Browser Extensions Spying on Chrome and Firefox Users

    Next article

    You may also like

    More in Malware


    Leave a reply

    Your email address will not be published. Required fields are marked *