An Android application designed as a backup tool to protect device data actually steals phone and user activity data.
It's called SocialPath and a version of malware has managed to pass the check and be offered at the official Google Play store for Android.
Google has just been warned by security investigators about its risk by deleting it from its list, but until it was recognized and removed, Google received several clicks to download.
Security researchers who have tracked the occasional malware trafficking campaigns have noticed that almost one 6.000 click, most of which comes from Lebanon (1.715).
The next two positions were users from Sudan (1.117) and Oman (666). Users in EU countries were cheated at 7% of total clicks.
According to Jeremy Linden of Lookout, SocialPath promises to create secure copies of the contact list and informs that the service will soon be extended to photos, videos and other types of files, and also claims to give users access to their data if the device is lost or stolen. If the recipient of the message decides to sign up for the service, he / she is asked to provide the full name, e-mail address, telephone number, country of residence and a personal photo.
These are not the only items that are sent to their server as the application has features to leak out the contact list, messages, full log, which includes phone numbers, exact time and duration of calls.
Linden says malware is also capable of making calls to numbers sent by the rogue server, and then deleting call records to hide its activities.
As for the identity of the scammers for this particular case and based on the data found in the application code, Linden believes that arabic people are hiding. Taking into account the countries concerned, SocialPath may be a spying tool for political purposes, but it may well be part of a more advanced phishing with financial incentives.
Regardless of its scope, users of devices with Android they should download apps for their devices only from trusted sources, avoid third-party stores where the content is not tested, and finally read user feedback about any negative reports.