This Android virus steals your data from 40 apps including WhatsApp and other popular apps.This Android Trojan can ex-filtrate private data from more than 40 applications, Palo Alto Networks security researchers have discovered.This Trojan have been in existence for over two years.
The brand new Android Trojan features a broad range of features that allow it to root Android devices, steal data from over 40 apps, and geo-track phone owners.This Trojan is tagged SpyDealer, the Trojan only recently came to light, but researchers say they tracked activity surrounding this new threat going back to October 2015.
Do You Know Palo Alto Networks?
Palo Alto Networks, Inc. is a network and enterprise security company based in Santa Clara, California. The company’s core products are a platform that includes advanced firewalls designed to provide network security, visibility, and granular control of network activity based on application, user, and content identification and cloud-based offerings that extend those firewalls to cover other aspects of security.
Palo Alto Networks said that, “On devices running later versions of Android, it can steal significant amounts of information, but it cannot take actions that require higher privileges,” ” the network security firm says.To remotely control the victim device, the malware implements three different C&C channels and supports more than 50 commands,”
SpyDealer Under Microscope
SpyDealer has possess great threats to its attackers, this include;
- The ability to steal data from apps installed on the target’s smartphone, such as: WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Brower, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk
- The ability to abuse a legitimate Android feature (Accessibility Services) to messages from apps such as WeChat, Skype, Viber, and QQ.
- The ability to control the target’s phone via UDP, TCP and SMS channels
- The ability to take screenshots of the phone’s screen
- The ability to record audio and video by surreptitious phone calls
- The ability to take photos using the front and back cameras
- The ability to monitor the phone’s geo-location data
- Automatically answering incoming phone calls from a specific number
- Ability to collect smartphone details such as phone number, IMEI, IMSI, SMS, MMS, contacts, accounts, phone call history, location, and connected Wi-Fi information.
The Android Trojan is only completely effective on android devices running android versions (2.2 to 4.4), since those versions are the only ones supported by Baidu Easy Root. SpyDealer can still affect newer Android devices and steal data, but cannot take actions that require higher privileges.
Popular Android Apps under Attack
According to Palo Alto Networks, the Trojan can remotely control the device via UDP, TCP and SMS channels. It can steal information from popular applications such as WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Brower, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk.
Once the malware has taken over a device, it can download an exhaustive list of personal information, including phone number, IMEI, IMSI, SMS, MMS, contacts, accounts, phone call history, location, and connected Wi-Fi information.What amazes me is, It can also answer incoming phone calls from a specific number, can record phone calls and the surrounding audio and video, can take photos with the device’s cameras, monitor location, and take screenshots.
Currently, the Trojan is not being distributed through the Google Play Store, and its existence has been reported to Google. Unit 42 is unsure exactly how it is infecting users but has seen evidence suggesting that SpyDealer is running through compromised wireless networks in China. All of the 88 command & control servers that Unit 42 has observed SpyDealer using are in China, bar three in the USA.