An Android application designed as a backup tool to protect device data actually steals phone and user activity data.
It's called SocialPath, and a version of the malicious software managed to pass review and be offered in Google Play, the official Android store.
Google removed it from its listings as soon as security researchers warned it of the risk, but by the time it was recognized and removed, the listing had received several download clicks.
Security researchers who tracked the malware's occasional distribution campaigns counted almost 6,000 clicks, most of which came from Lebanon (1,715).
The next two positions went to users from Sudan (1,117) and Oman (666). Users in European Union countries accounted for 7% of all clicks.
According to Jeremy Linden of Lookout, SocialPath promises to create secure copies of the contact list, says the service will soon be extended to photos, videos and other types of files, and claims to give users access to their data if the device is lost or stolen. If the recipient of the message decides to sign up for the service, they are asked to provide their full name, e-mail address, telephone number, country of residence and a personal photo.
This is not the only information sent to the operators' server: the app also has features to leak the contact list, messages, and the full call log, which includes phone numbers, the exact time of calls and their duration.
Linden says the malware is also capable of making calls to numbers sent by the rogue server, and then deleting the call records to hide its activity.
Regarding the identity of the fraudsters in this particular case, and based on the evidence found in the app's code, Linden believes Arabic speakers are behind it. Considering the countries involved, SocialPath may be a politically motivated espionage tool, but it may well be part of a more advanced, financially motivated phishing scheme.
Regardless of its purpose, users of Android devices should download apps only from trusted sources, avoid third-party stores where the content is not vetted, and read user feedback to check for negative reports.