A new form of mobile malware designed to snoop on calls, texts and other communications is targeting Android users by duping them into downloading a fake chat application.
The trojan malware, dubbed CallerSpy, has been discovered and detailed by cybersecurity researchers at Trend Micro, who believe the malware attacks are part of a cyber espionage campaign.
Smartphones are a particularly useful target for attackers with the goal of cyber espionage because, not only do the devices contain vast amounts of information, they’re also with the target user the entire time.
The malicious website hosting CallerSpy malware downloads is designed to look like Google, complete with copyright information – although a quick inspection of the URL shows the address has one more O in Google than there should be. On some mobile browsers, however, the URL won’t always be displayed or clear. The domain was registered in February, but there are no clues as to who is responsible for setting it up.
Despite being advertised as a chat application, the CallerSpy apps don’t contain any chat capabilities, but rather are what researchers describe as “riddled with espionage features”.
Once downloaded and launched, the app connects to a command-and-control server, which the malware takes orders from as it goes about snooping on the device.
Malicious capabilities of CallerSpy include collecting all call logs, text messages, contact lists and files on the device, the ability to use the phone’s microphone to record audio of its surroundings, as well as being able to take screenshots of user activity. All of the stolen data is periodically uploaded to the crooks.
Researchers believe whoever is behind it has set up the CallerSpy distribution page as the initial phase of a targeted cyber-espionage campaign – although it’s still unclear what the motive of the attacker is, or who they’re trying to target, as there are no indications of infections being discovered in the wild yet.
While there’s currently only evidence of CallerSpy being built to target Android, the download section of the website hosting the false chat app suggests there are also plans to distribute Apple and Windows versions, something that could indicate that a much bigger campaign is planned in future, with the attacker waiting for the right moment to spread the malware.
Trend Micro will continue to monitor the development of CallerSpy but, in the meantime, the currently known indicators of the malware are available in their post analyzing the malware.