Bouncing Golf campaign takes swing at Android users with info-stealing malware

silversurfer

A newly discovered cyber espionage campaign has been targeting Android users in the Middle East with malware designed to steal scores of device information, snoop on victims and potentially take over mobile devices.

Known as GolfSpy, the malware is found in once-legitimate applications that have been repackaged to contain malicious code, according to a June 18 blog post from Trend Micro, whose researchers uncovered the operation.

The researchers did not find these apps in either the Google Play store or third-party marketplaces. Instead, they were observed on a host website that was promoted on social media. Repackaged apps include the Kik, Imo, Plus Messenger, Telegram, Signal and WhatsApp Business messaging apps, as well as various lifestyle, book and reference apps typically used by Middle Easterners.

So far, much of the information stolen by GolfSpy looks to be related to the military, according to the report — an observation that might possibly reveal the perpetrators’ top choice of target. More than 660 devices are known to have been infected, “but we also expect it to increase or even diversify in terms of distribution,” state blog post authors and Trend Micro researchers Ecular Xu and Grey Guo.

According to Trend Micro, GolfSpy is capable of stealing a wealth of information, including device accounts, lists of installed applications, running processes, battery status, bookmarks and histories of the default browser, call logs and records, clipboard contents, contacts (including those in VCard format), mobile operator information, files stored on an SD card, device location, storage and memory information, connection information, sensor information, SMS messages, pictures, and lists of stored image, audio and video files.
 