Spyware for Android pretends to be famous apps to steal data

A new threat for Android phones masquerades as covid-19-related or adult content apps to spy on smartphone activity. The Transparent Tribe group, specializing in social engineering techniques, now exploits distracted users with apps that look like official apps.

Under Kaspersky’s watch for more than four years, Transparent Tribe has adopted malware masquerading as adult content apps and official apps with information about covid-19 to attack more cell phones.

According to Kaspersky, the group has been actively working to improve its toolset and expand the scope of its attacks to maximize their impact. Examples of the new practices include a fake covid-19 tracking app launched in India and another app offering pornographic content.

App downloads from unknown sources are the main form of fake app distribution.

The discovery comes from a correlation between the apps: both redirect to the same domain, known to be owned by the Transparent Tribe group. The first app is simply a modified version of an open source video player for Android, while the second is similar to a covid-19 tracking app launched by the Indian government.

Once installed, they display content as a distraction and attempt to install another Android package file, a modified version of the AhMyth remote access tool for Android. This version includes the tool's familiar features, including the ability to download new apps, access SMS messages, the microphone, the call log and GPS, and steal files.

“The findings reinforce the commitment of Transparent Tribe members to add new tools to further expand their operations and reach their victims through different attack vectors, which now include mobile devices,” comments Giampaolo Dedola, senior security researcher at Kaspersky.

The researcher recommends that all users pay attention to where they download content from and never rely on third-party links or downloads in emails. More details about the threats released by Transparent Tribe are described in the full report on Securelist.
