SpyDealer steals data from 40 apps including Facebook, WhatsApp, Skype, Tango and Baidu, and spies on messages and location, according to researchers
A newly discovered piece of spyware is said to have been stealing data from well-known apps including Facebook, Skype, WhatsApp and Firefox for the past two years.
The malware, dubbed “SpyDealer”, went unseen until researchers from Palo Alto Networks discovered it. It was collecting a wide range of personal information from phones, including contacts, messages, call history, Wi-Fi information and the location of the device.
Recording of phone calls and videos is also suspected, given the cyberespionage capabilities found in this Trojan. The malware is capable of taking photos with both the rear and front cameras, recording surrounding audio, recording videos and capturing other sensitive information, including device location.
SpyDealer is said to be the most advanced type of Android malware; it is able to open a backdoor on compromised devices. The malware exploits the commercially available Android accessibility feature to root phones and gain super-user privileges.
Researchers found that the malware roots devices using the commercial rooting app “Baidu Easy Root” and remains on the device to harvest personal data.
Like many other malware families, SpyDealer receives commands from a control server, which is used to remotely control the infected device. Interestingly, researchers found that the malware is only capable of compromising devices running Android versions 2.2 to 4.4. Devices running versions in this range are the most vulnerable and are prey for this malware.
In practice, this means that almost 500 million devices, out of 2 billion, are still vulnerable because they run older versions of the software.
Researchers do not know how these devices became infected, but some evidence shows that Chinese users were attacked through compromised Wi-Fi networks.
Luckily, the researchers from Palo Alto Networks reported this ferocious threat to Google; in response, Google has created new protections via “Google Play Protect” to keep users safe from the threat.
The malware has been exploiting devices since 2015 and targets 40 apps, most of them Chinese.
SpyDealer attempts to steal data from the following apps:
Facebook, Skype, WhatsApp, WeChat, Tango, Viber, Telegram, Tencent Weibo, Android Native Browser, Sina Weibo, Oupeng Browser, Firefox Browser, QQ, Baidu Net Disk, QQ Mail, Taobao and NetEase Mail.