Government Spyware in Google Play Store; Exodus Malware

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Security researchers recently found government spyware squatting in plain sight, pretending to be harmless vanilla apps on Google’s Play store. This time around, the malware doesn’t come from the NSA. Rather, it allegedly comes from the Italian government, which apparently purchased it from a company that sells surveillance cameras.

According to Motherboard, this is the first time that security researchers have seen malware produced by the surveillance company, known as eSurv.
It was discovered in a joint investigation carried out by Motherboard and researchers from Security Without Borders – a non-profit that often investigates threats against dissidents and human rights defenders.

Security Without Borders published a technical report of their findings on Friday:
We identified previously unknown spyware apps being successfully uploaded on Google Play Store multiple times over the course of over two years. These apps would remain available on the Play Store for months and would eventually be re-uploaded.
They’re calling the malware Exodus, after the name of the command and control servers the apps connected to.
Source: Government spyware hidden in Google Play store apps

Motherboard Link 1: Researchers Find Google Play Store Apps Were Actually Government Malware
Update: Motherboard Link 2: Prosecutors Launch Investigation Into Company That Put Malware on Google Play Store

Technical Report: Security Without Borders
 

SumTingWong

Level 28
Verified
Top Poster
Well-known
Apr 2, 2018
1,706
Android users
iu
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top