Anew spyware may be targeting your Android phone and trying to steal your personal data, researchers have found.
PhoneSpy is a new spyware campaign that has most South Korean users of Android devices in clutches right now,
but it will only be a matter of time till it spreads elsewhere.
Researchers have noted that this spyware does not leverage existing vulnerabilities of a device but
hides in plain sight on it by posing as a legitimate app, such as one for yoga instructions or streaming videos.
The biggest risk that PhoneSpy could be posing to your Android phone is by
stealthily uninstalling mobile security apps, researchers at mobile security firm Zimperium have discovered. PhoneSpy was find hiding inside as many as 23 apps that look benign and genuine,
much like any other legitimate Android app.
Although the PhoneSpy-infected apps have not made their way to
the Google Play Store, people are still somehow falling into the
trap and downloading them.
But it can do more harm than just stealing the identity of Android apps. Researchers said PhoneSpy can access the camera of the phone it has targeted and use it to take photos and record videos in real time without the user’s knowledge.
These photos and videos can be a way to commit personal or corporate blackmail, but they can also be use to commit cyber-espionage.
According to researchers, these are the apps that have been found carrying the PhoneSpy spyware:
The spyware’s impact is scary as it is,
but users can stay alert by noticing some unusual instances when they have mistakenly downloaded PhoneSpy-infected apps. These apps ask for excessive on-device permissions and that should be a red flag for you.
But if you miss noticing that and give these apps the permissions they ask for,
you would be allowing PhoneSpy to control and hide itself from your phone’s app menu and track you in the background.
Since the apps are not visible in the app menu, users cannot interrupt PhoneSpy’s stealing process, Zimperium’s Richard Melick told TechCrunch.
PhoneSpy has apparently still not made its way to the Google Play Store.
Neither was it found inside other app marketplaces on Android.
But, according to researchers, spyware is spreading to phones through distribution methods based on web traffic redirection or social engineering. Simply put, these are different tactics that attackers use to lure people into performing certain actions for a reward, but victims end up downloading phony apps. There are also high chances victims will hand over their personal and confidential data while completing these actions.
Right now the headcount of victims stands at 1,000, but all of them are in South Korea, according to Zimperium. But who knows when it will spread and start claiming more innocent Android phone users? Since PhoneSpy belongs to the category of spyware that masquerades as legitimate apps, it is very hard to track it. It also shares similarities with previously-discovered spyware and stalkware programmes, which, according to researchers, could be a way to compile and combine different features from different programmes by attackers. Using off-the-shelf codes makes it easy to hide the identity of the spyware.