Researchers warn of new malware found in the wild

Dec 4, 2019 14:13 GMT  ·  By

Malware that is believed to be used for cyber-espionage has been discovered in the wild, and this time attackers rely on a fake chat app to infect Android devices.

Researchers at security company Trend Micro reveal that the malicious campaign was first discovered in May this year. At that point, a website on a fake Google domain served an application called Chatrious that attempted to drop the CallerSpy malware on Android devices.

Soon after security researchers discovered the malware, the website went offline, possibly because the attackers decided to lie low and wait for the right moment to relaunch the campaign.

That time has apparently come, as Trend Micro came across a refreshed version of the malicious chat app, now called Apex App, that still deploys CallerSpy on the compromised device.

Once again, the attackers rely on a website that uses a fake Google address (with an additional “O” in the URL) to spread the malware.

Android and macOS versions possibly coming

When the application is installed on an Android device, CallerSpy immediately connects to a C&C server and can collect call logs, files, text messages, and take screenshots.

“All of the stolen information is collected and stored in a local database before it’s uploaded to the C&C server periodically. This spyware targets the following file types: jpg, jpeg, png, docx, xls, xlsx, ppt, pptx, pdf, doc, txt, csv, aac, amr, m4a, opus, wav, and amr,” Trend Micro explains.

The security company believes this is only the first phase of a cyber-espionage campaign, although for now it is not clear whom the attackers are going after with this malware. No victims have been reported so far.

“We believe that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign. We believe that this is a new campaign,” Trend Micro says.

Needless to say, users are advised to avoid installing apps from sources they do not trust and to always check the URL of any site serving a download.
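The lure described above, a fake Google address with one extra “O”, is the kind of thing the URL check in the last paragraph is meant to catch, and it can be automated. The following Python checker is an added example, not code from the article or from Trend Micro. It flags a registrable domain that is one edit away from a trusted brand (the extra “O”) or that hides a digit-for-letter swap, and it goes beyond the article’s single case by also flagging a trusted name that is merely a subdomain of some unrelated domain or sits under the wrong TLD. The allow-list, the homoglyph table and the sample URLs are constructed for the example; none of them is the campaign’s actual domain, and the two-label domain split is a simplification that real code should replace with the Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumed allow-list of download hosts the user actually trusts (constructed
# for this example; the real list is whatever your organisation vets).
TRUSTED_DOMAINS = {"google.com", "apple.com", "microsoft.com"}

# Common one-character look-alike substitutions (assumed, not exhaustive).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}


def normalize(label: str) -> str:
    """Undo homoglyph swaps so 'g00gle' compares as 'google'."""
    out = label.lower()
    for fake, real in HOMOGLYPHS.items():
        out = out.replace(fake, real)
    return out


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_host(url: str):
    """Return (registrable_domain, second_level_label, subdomain_labels).

    Naive: the last two labels are taken as the registrable domain. Real code
    should consult the Public Suffix List so that e.g. 'co.uk' is handled.
    """
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return host, host, []
    return ".".join(labels[-2:]), labels[-2], labels[:-2]


def classify_url(url: str) -> tuple[str, str]:
    """Classify a download URL as 'trusted', 'lookalike' or 'unrelated'."""
    registrable, sld, subs = split_host(url)
    if registrable in TRUSTED_DOMAINS:
        return "trusted", f"{registrable} is on the allow-list"
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    norm = normalize(sld)
    for brand in sorted(brands):
        if brand in subs:
            # 'google.com.evil.test': the brand is only a subdomain of evil.test
            return "lookalike", f"'{brand}' is a subdomain of {registrable}"
        if norm == brand:
            # same label under the wrong TLD, or homoglyphs such as 'g00gle'
            return "lookalike", f"'{sld}' imitates '{brand}' under {registrable}"
        if edit_distance(norm, brand) == 1:
            # one character added, dropped or swapped: 'gooogle', 'gogle', 'goggle'
            return "lookalike", f"'{sld}' is one edit away from '{brand}'"
    return "unrelated", f"{registrable} does not resemble a trusted brand"


def triage(urls):
    """Group a list of links by verdict, e.g. before handing them to users."""
    report = {"trusted": [], "lookalike": [], "unrelated": []}
    for url in urls:
        verdict, _ = classify_url(url)
        report[verdict].append(url)
    return report


if __name__ == "__main__":
    # Constructed sample links (none of these is the campaign's real domain).
    SAMPLES = [
        "https://www.google.com/store",            # genuine
        "https://gooogle.test/app.apk",            # one extra "O"
        "https://g00gle.test/",                    # digit-for-letter swap
        "https://google.com.evil.test/download",   # brand as a subdomain
        "https://google.xyz/",                     # right label, wrong TLD
        "https://example.test/",                   # nothing to do with a brand
    ]
    for url in SAMPLES:
        verdict, why = classify_url(url)
        print(f"{verdict:9} {url}  ({why})")
```

The check is deliberately conservative: an edit distance of exactly one catches the single added, dropped or swapped character seen in this campaign while leaving genuinely different names alone, and the allow-list is matched on the full registrable domain so that a trusted label under the wrong TLD is still reported.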