A new targeted surveillance app has been found and booted from Google Play. The app, named Dardesh, posed as a chat application and acted as a downloader for a second app that could spy on users.
The Dardesh app was spotted and analyzed by Lookout researchers, who dubbed the malware family Desert Scorpion.
How was the app delivered to targets?
The malicious Dardesh chat app was apparently downloaded and installed by over a hundred users, after having been promoted via a long-running Facebook profile that posted the link to the app located on Google Play.
Once installed, the app would download a second app that masqueraded as a generic “settings” application. This second app is capable of tracking the device’s location, recording calls, video, and surrounding audio, retrieving files found on external storage and sending them to a C&C server, retrieving text messages, contacts and account information, uninstalling apps, and more.
“The surveillance functionality of Desert Scorpion resides in a second stage payload that can only be downloaded if the victim has downloaded, installed, and interacted with the first-stage chat application,” the researchers pointed out.