Application is also capable of activating the microphone and transmitting call data and documents stored on the cell phone. Malicious app was never registered in the Play Store.
Experts from the security company Zimperium have discovered a new spy program for Android that is able to monitor virtually all data and resources on the smartphone – including the camera, microphone, messages and files.
Zimperium, which is part of the “App Defense Alliance” – a group formed by Google to improve Android security -, said it confirmed that the malicious app was never registered on the Play Store, the official Android store.
The spy program arrives on the smartphone disguised as a “system update” and is installed alongside apps offered in so-called “alternative stores” of apps.
Once installed on the phone, it hides its icon and disappears from the main list, making it difficult to remove the application.
What caught the attention of the experts, however, was the broad scope of the program to provide access to phone data.
The application accesses the internet to receive commands from a control server, indicating which data should be collected. Among the monitored information are:
SMS and WhatsApp messages; if the phone has “root access”, this includes the entire WhatsApp database, which can give access to deleted messages.
Content of notifications.
Call and contact history.
Browsing history and bookmarks from various browsers.
Phone data, such as installed apps, storage statistics and clipboard (“copy and paste”).
GPS location data.
Microphone and camera, being able to record calls or take pictures at any time.
Photos and videos (it can only steal thumbnails of files to reduce data consumption).
Documents (the app scans PDF files and Microsoft Office files under 30 MB to send them to the control server).
Due to the diversity of functions of the application, Zimperium experts classified the code as “sophisticated”. The ability to create thumbnails of photos and videos, for example, is considered rare by experts.
Understand when your phone’s camera can be hacked and how to protect your photos from hackers
Privacy on WhatsApp calls: understand how it can be possible to ‘wiretap’ a call even with encryption
However, the spy app also takes advantage of Android’s accessibility services to steal data from many applications – such as WhatsApp, for example. This is a known technique and has been used by other spy programs.
The accessibility features are intended to facilitate the use of the smartphone, especially by blind people. For this reason, programs that are given accessibility permissions are allowed to read any information on the screen.
When the feature is used legitimately, this reading of the screen helps the user to hear or see an enlarged version of the content being shown. When used in spy programs, reading the screen serves only as a method to collect information improperly.
This new spy program reinforces two security recommendations for Android users: avoid unofficial stores and not perform the “root” process, as this mechanism enhances the capabilities of malicious apps.