Android spyware posing as a Privacy tool to trick you into downloading

silversurfer

Super Moderator
Thread author
Verified
Top Poster
Staff Member
Malware Hunter
Aug 17, 2014
11,115
A powerful form of Android malware with spy capabilities has re-emerged with new tactics — this time masquerading as a popular online privacy application to trick users into downloading it.

First uncovered in August last year, Triout malware collects vast amounts of information about victims by recording phone calls, monitoring text communications, stealing photos, taking photos, and even collecting GPS information from the device, allowing the user's location to be tracked.

The campaign has been active since May last year, with users previously duped into downloading the malware with a fake version of an adult app — but now those behind Triout have altered their tactics, distributing the malware with a re-purposed version of a legitimate privacy tool that has been ripped from the Google Play store.

This new means of distributing Triout has been detailed by researchers at security company Bitdefender, who were also responsible for first uncovering the malware last year.

Now Triout is being hidden in a phony version of Psiphon, a privacy tool that is designed to help users bypass censorship on the internet. Psiphon is particularly focused towards aiding users living under repressive regimes and its services have been downloaded millions of times — the version available in the official Google Play store boasts over 10 million installations.

The tool can also be downloaded from third-party sites, especially in places that don't have access to Google Play, and it's this, combined with the function and popularity of Psiphon, which is likely to have made it an appealing lure for the hacking operation behind Triout.

Those behind Triout have been careful to make sure the phony version of Psiphone looks and acts in the same way as the real thing, so they can conduct the campaign without raising the suspicion of victims.

triout-android-spyware-framework-makes-a-comeback-abusing-app-with-50-million-downloads-1.png

The malicious version of the app (left) compared with the real version (right).
Image: Bitdefender
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top