
Android trojan surfaces; steals private data using popular apps

Android trojan SpyDealer

A new trojan has been spotted on the Android platform. Called SpyDealer, the malware is claimed to affect 25 percent of all Android devices.

SpyDealer was reported by security researchers at Palo Alto Networks. Once the malware infects a device, it gives a remote attacker full access to it. The researchers have spotted as many as three variants of SpyDealer. The good part is that the malware has not been found in any Play Store apps, but there is a possibility that it is being distributed through third-party stores.

The malware gains root privileges on the infected device to bypass its security. It uses an app called Baidu Easy Root to gain root access. The trojan has the ability to control TCP, UDP and SMS on the device. Furthermore, the attackers can even steal data from various applications, including Facebook, Telegram, WhatsApp and Firefox.

“SpyDealer exploits from a commercial rooting app to gain root privilege, which enables the subsequent data theft,” Palo Alto Networks researchers Wenjun Hu, Cong Zheng and Zhi Xu write in a release.

Extracts personal information

The report by Palo Alto Networks suggests that SpyDealer is capable of extracting personal information such as phone numbers, SMS, call history and even the device location. Root access lets the malware trigger device functions and hardware calls without the device owner’s knowledge. A remote attacker can trigger the camera, record phone calls and even listen to what’s happening near the phone.

Devices running Android v2.2 and 4.4 are exposed to SpyDealer. The malware can steal a large amount of data from affected Android devices, and messages can be leaked from popular apps such as WeChat, Facebook, WhatsApp, Skype and Viber.

Security researchers advise users not to install apps from any unidentified source to safeguard against the Android trojan.