Cybercriminals are turning legitimate apps into intrusive and sophisticated spyware, armed with extensive surveillance capabilities that can capture and record your calls, messages, photos and videos.
Security researchers at Bitdefender discovered a threatening malware framework, referred to as “Triout”, on the Android platform. It has the power to spy on, monitor and record infected devices while remaining completely hidden, leaving the device’s owner entirely unaware of what’s happening.
The malware was contained within what appeared to be a regular app, but was in fact a repackaged version. This version maintained the appearance, description and details of the original Android app, and even functioned just like it, so that the person who downloaded it would have no reason to suspect its malicious nature. In this particular case, an adult app named “Sex Game” was the trap.
Triout works by capturing data and relaying it back to an attacker-controlled command and control (C&C) server. It appears that this server has been operational since May 2018, although so far there’s been no concrete evidence pointing towards who the attackers are or where they are from.
Once a system has been compromised by Triout, a variety of spying operations can be performed on it without the device owner’s knowledge. Some of the key capabilities include:
- Recording phone calls
- Logging incoming SMS messages
- Recording call logs (including names, numbers, dates, durations, etc.)
- Capturing copies of every picture taken or video recorded by any of the device’s cameras
- Collecting the GPS location data
All of this data is sent back to a remote C&C server. This is extremely dangerous and a severe violation of an individual’s privacy.
It is believed that the malicious app ended up on victims’ devices via third-party app stores or other domains, rather than the Google Play Store. The best way to protect yourself from falling victim to attacks like these is to only download apps from trusted and verified sources. Additionally, think carefully before granting apps permission to read your messages, access your call logs, see your GPS data or collect any other kind of device data.
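For analysts checking a suspected repackaged app, the permission advice above can be turned into a manifest comparison. The following is an added example, not code from Bitdefender or from the original article: it assumes both manifests have already been decoded to text XML (for example with apktool), and the capability-to-permission mapping, the package name and the sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."

# Assumed mapping from the capabilities listed in the article to the Android
# permissions an app normally needs for them (illustrative, not from the report).
CAPABILITY_PERMISSIONS = {
    "call recording": {P + "RECORD_AUDIO"},
    "incoming SMS": {P + "RECEIVE_SMS", P + "READ_SMS"},
    "call logs": {P + "READ_CALL_LOG"},
    "photos and videos": {P + "CAMERA", P + "READ_EXTERNAL_STORAGE"},
    "GPS location": {P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"},
}

def requested_permissions(manifest_xml):
    """Return the set of permission names a decoded AndroidManifest.xml requests."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (n.get(ANDROID_NS + "name") for t in tags for n in root.iter(t))
    return {name.strip() for name in names if name}

def added_capabilities(original_xml, candidate_xml):
    """Map each surveillance capability to the permissions that only the
    candidate requests, i.e. what repackaging added on top of the original."""
    added = requested_permissions(candidate_xml) - requested_permissions(original_xml)
    return {cap: sorted(perms & added)
            for cap, perms in CAPABILITY_PERMISSIONS.items() if perms & added}

def manifest(*perms):
    """Build a constructed sample manifest requesting the given permissions."""
    body = "".join(f'<uses-permission android:name="{P}{p}"/>' for p in perms)
    return ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
            f'package="com.example.game">{body}</manifest>')

# Constructed samples: the known-good release and a look-alike from another source.
ORIGINAL = manifest("INTERNET", "CAMERA")
REPACKAGED = manifest("INTERNET", "CAMERA", "RECORD_AUDIO", "RECEIVE_SMS",
                      "READ_CALL_LOG", "ACCESS_FINE_LOCATION")

if __name__ == "__main__":
    for cap, perms in added_capabilities(ORIGINAL, REPACKAGED).items():
        print(f"added capability: {cap} via {', '.join(perms)}")
```

Permissions the original already requested (CAMERA in the sample) are not reported, so the output isolates what the look-alike added.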