Researchers have discovered a new Android spyware that is distributed through fake messaging applications such as Threema, Telegram and WeMessage.
The spyware is said to be the creation of a hacking team that specializes in espionage campaigns against military and educational institutions. The group is called APT-C-23 and has been active since at least July 2015.
The researchers found a new update of the APT-C-23 spyware, which contains new advanced features that allow the Android spyware to dismiss notifications from security solutions running on Samsung, Xiaomi and Huawei devices. Thus, it can operate covertly on victims' devices.
Android spyware is hidden in fake applications
In April 2020, the security researcher MalwareHunterTeam tweeted about an Android spyware sample that had a very low detection rate on VirusTotal. Examining the sample, ESET researchers found that it was part of the APT-C-23 malware toolkit.
In June, MalwareHunterTeam found a new sample of the same spyware hidden in the Telegram installation file available from DigitalApps, an unofficial Android store.
ESET began researching the new version and found that the spyware was hidden in other applications that were also available in the same store.
The spyware was also found hidden in Threema, a secure messaging platform, and in the AndroidUpdate application.
According to the researchers, the fake Threema and Telegram applications were fully functional, thus hiding their malicious nature.
However, according to ESET, the use of DigitalApps is not the only method of spreading the Android spyware. The researchers also found other fake applications that were not available in that store but contained the same spyware.
"In June 2020, ESET systems blocked this spyware on customer devices in Israel. The detected malware samples were disguised as WeMessage," said ESET.
However, the malware's interface differs from that of the legitimate application, which means that the attacker did not copy the original application exactly.
The new version of the spyware has advanced features
The new version of the Android spyware has many new features, such as recording calls, SMS and contacts and specific types of files (PDF, DOC, DOCX, PPT, PPTX, XLS, XLSX, TXT, JPG, JPEG, PNG), reading notifications from applications (WhatsApp, Facebook, Telegram, Instagram, Skype, Messenger, Viber) and message theft.
It also has the ability to mute alerts from the security applications that are built into Samsung, Xiaomi and Huawei devices.
According to Bleeping Computer, the spyware can also monitor the screen as well as incoming and outgoing calls via WhatsApp. Finally, it makes secret calls and "blackens" the screen so that this goes unnoticed and the phone appears to be switched off.
ESET published a report on the new spyware of APT-C-23.