SpyDealer: steals social accounts

SpyDealer: A recently discovered Android malware can steal data from more than 40 popular apps, such as Facebook, WhatsApp, Skype and Firefox. The malware has reportedly been actively engaged in this illegal activity for almost two years.

It was named SpyDealer by the Palo Alto Networks researchers who discovered it, and it allegedly collects accounts and personal data from its victims. The data includes messages, contacts, call history, information about the Wi-Fi networks the device has connected to, and even the geographical location of the device.

The malware allows fraudsters to record phone calls and audio, take photos with the front and rear cameras, and take screenshots of sensitive information.

It is described as a very advanced form of malware for Android. SpyDealer is able to open a backdoor on devices, exploiting a commercially available Android app to root the victim device and acquire root privileges.

Samples of malware analyzed by the researchers suggest that the malware reuses the root exploits used by the commercial application "Baidu Easy Root" to gain root privileges.

SpyDealer is able to receive instructions from a command-and-control server, as well as commands via text messages, which allows fraudsters to remotely control the infected device.

SpyDealer is fully effective on Android devices running versions 2.2 to 4.4, as its root tool only supports those versions of the mobile operating system.

Although these versions of Android are ancient - Android 2.2 was first released in May 2010 and Android 4.4 was released in late 2013 - researchers report that a quarter of Android devices still run these versions.

So with two billion active Android devices, this means that 500 million Android devices are vulnerable to this malware.

Researchers are not sure how the devices are infected with SpyDealer, but data shows that Chinese users are infected through hacked wireless networks.

We should also mention that those behind SpyDealer have been collecting data and accounts for over a year and a half, since the malware sample dates back to October 2015.

Palo Alto Networks has already reported the threat to Google, which immediately created new protections through Google Play Protect.

According to the researchers, SpyDealer attempts to steal data from the following applications: WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Taobao and Baidu Net Disk.


Written by giorgos
