Cybersecurity researchers are warning about an ongoing Android malware campaign that has been active since 2016 and was first publicly reported in August 2018.
Dubbed “ViceLeaker” by researchers at Kaspersky, the campaign has recently been found targeting citizens of Israel and some other Middle Eastern countries with powerful surveillance malware designed to steal almost all accessible information, including call recordings, text messages, photos, videos, and location data, all without users’ knowledge.
Besides these traditional spying functions, the malware also has backdoor capabilities, including uploading, downloading, and deleting files, recording surrounding audio, taking over the camera, and making calls or sending messages to specific numbers.
The malware used in these campaigns was named “Triout” in a report published by Bitdefender in 2018. It is a kind of malware framework that attackers use to turn legitimate applications into spyware by injecting an additional malicious payload into them.
In a new report published today, Kaspersky Lab revealed that attackers are actively using the Baksmali tool to disassemble the code of a legitimate app and then reassemble it after injecting their malicious code into it, a technique commonly known as Smali injection.
“Based on our detection statistics, the main infection vector is the spread of Trojanised applications directly to victims via Telegram and WhatsApp messengers,” the researchers said.
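Smali injection rewrites an app's bytecode, and the modified package then has to be re-signed with a key other than the original developer's, so a suspect APK can be diffed against a trusted copy of the same version. The following is an added example, not code from the Kaspersky or Bitdefender reports; the function names and the in-memory sample archives are constructed for illustration, and only v1 (JAR) signature files are compared, not the v2/v3 APK Signing Block.

```python
import hashlib
import io
import zipfile


def entry_hashes(apk_bytes):
    """Map each archive entry name to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        return {i.filename: hashlib.sha256(apk.read(i)).hexdigest()
                for i in apk.infolist() if not i.is_dir()}


def diff_apk(trusted_bytes, suspect_bytes):
    """Compare a suspect APK with a trusted copy of the same app version."""
    trusted, suspect = entry_hashes(trusted_bytes), entry_hashes(suspect_bytes)
    changed = sorted(n for n in trusted.keys() & suspect.keys()
                     if trusted[n] != suspect[n])
    report = {"added": sorted(suspect.keys() - trusted.keys()),
              "removed": sorted(trusted.keys() - suspect.keys()),
              "changed": changed}
    touched = report["added"] + changed
    # Reassembling an app after injecting smali changes or adds DEX bytecode.
    report["code_modified"] = any(n.endswith(".dex") for n in touched)
    # Re-signing replaces the v1 signature files under META-INF/.
    report["signer_files_modified"] = any(
        n.startswith("META-INF/") and n.endswith((".RSA", ".DSA", ".EC", ".SF"))
        for n in touched)
    # The manifest declares the app's permissions and components.
    report["manifest_modified"] = "AndroidManifest.xml" in changed
    return report


def build_sample(entries):
    """Build a constructed, APK-like ZIP in memory (sample data, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed sample data: a "trusted" package and a repackaged variant of it.
ORIGINAL = build_sample({"AndroidManifest.xml": b"manifest", "classes.dex": b"dex",
                         "META-INF/CERT.RSA": b"dev-cert", "res/icon.png": b"icon"})
REPACKAGED = build_sample({"AndroidManifest.xml": b"manifest+extra", "classes.dex": b"dex+hook",
                           "classes2.dex": b"payload", "META-INF/CERT.RSA": b"other-cert",
                           "res/icon.png": b"icon"})

if __name__ == "__main__":
    for key, value in diff_apk(ORIGINAL, REPACKAGED).items():
        print(f"{key}: {value}")
```

A clean report depends on the trusted copy being the same version from the official store; a legitimate update will also change the DEX and manifest, but not the signer.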