Newly Found Malware Steals Sensitive Info from your Favorite 40 Apps

A New Android Exploit has the Ability to Hide Malicious Activity

More than 40 apps are at constant risk of having their information stolen directly from your device. The culprit is malware, and not a new strain, but one that has existed for two years now: SpyDealer. The worst part is that it can even steal from your favorite apps, like WhatsApp, Facebook, or Skype.

It is quite skilled at stealing your data, and it will take anything it can get to. This includes messages, contacts, phone numbers, call history, and the like. It can do even more than that: it can not only discover your device’s location but also record your conversations.

Pretty much any video and audio in your phone’s surroundings can be recorded at any time if you get infected with SpyDealer. By using your cameras, both front and rear, it can also take pictures without you knowing.

It was discovered by Palo Alto Networks’ researchers, who claim that over 500 million people are at risk of infection by this malware. It only attacks Android devices running versions between 2.2 and 4.4, while the rest are supposedly safe. It targets these versions because the rooting tool it uses only supports them.

However, that is still estimated to be half a billion devices, which means half a billion victims. That is an entire quarter of Android users today. Experts also think that the threat did not come from the Play Store this time. Instead, it arrives disguised as fake Google Update software.

When it infiltrates your phone, it opens a backdoor and then roots the phone in order to gain special privileges. It can receive instructions both from a C&C server and as plain text, which lets the attackers behind it change what information it extracts. So far, researchers have not discovered just how devices became infected. However, there is a theory that it was originally spread through a compromised wireless network, possibly in China.

The oldest confirmed case of this malware shows that it was active as early as October 2015, which was more than a year and a half ago. It receives updates on a regular basis, which means that its creators did not simply abandon it in the meantime. The last known update was from May 2017.

It targets a lot of apps, and many of those are native to China. However, a lot of others are used all around the world. The most popular targeted apps include Skype, Facebook, Telegram, WhatsApp, Firefox, and the like.

Palo Alto Networks informed Google about it, and the new protections have already been delivered to users via the Play Store.

Before this, the biggest known threat to Android users came from the Judy malware, which roamed free about two months ago. Back then, it was believed that 41 malicious apps from the Play Store had infected over 36.5 million phones.

That one was discovered by Check Point, and it was malware that generated fake clicks on ads so that its operator could make some easy money. The infected apps were downloaded around 18.5 million times before the malware was discovered, and it was called Judy because of the character ‘Judy the chef’ that appeared in most of the apps.

This was the biggest malware infection ever to come from the Google Play Store.