SpyDealer: A recently discovered Android malware can steal data from more than 40 popular applications, such as Facebook, WhatsApp, Skype and Firefox. The malware has reportedly been actively engaged in this illegal activity for nearly two years.
It was named SpyDealer by the Palo Alto Networks researchers who discovered it, and it allegedly collects accounts and personal data from its victims. The data includes phone numbers, messages, contacts, call history, information about the Wi-Fi networks the device has connected to, and even the geographical location of the device.
The malware allows fraudsters to record phone calls, video and audio, capture images with the front and back cameras, and obtain screenshots of sensitive information.
It is described as a very advanced form of Android malware. SpyDealer is able to open a backdoor on devices, using a commercially available Android app to root the victim's device and acquire root privileges.
Samples analyzed by the researchers suggest that the malware reuses the root exploits used by the commercial application "Baidu Easy Root" to gain root privileges.
SpyDealer is able to take instructions from a command and control server, as well as commands sent via text messages, allowing fraudsters to remotely control the infected device.
SpyDealer is fully effective on Android devices running versions 2.2 to 4.4, as its root tool only supports those versions of the mobile operating system.
Although these versions of Android are ancient (Android 2.2 was first released in May 2010 and Android 4.4 was released in late 2013), researchers report that a quarter of Android devices still run these versions.
So with two billion active Android devices, this means that 500 million Android devices are vulnerable to this malware.
Researchers aren't sure how devices get infected with SpyDealer, but evidence suggests that Chinese users are infected through hacked wireless networks.
Also note that those behind SpyDealer have been collecting data and accounts for over a year and a half, since the oldest sample of the malware dates back to October 2015.
Palo Alto Networks has already reported the threat to Google, which immediately created new protections through Google Play Protect.
According to the researchers, SpyDealer attempts to steal data from the following applications: WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Taobao and Baidu Net Disk.