Although the PhoneSpy-infected apps have not made their way to the Google Play Store, people are still somehow falling into the trap and downloading them.
HIGHLIGHTS
- Researchers have warned people against the PhoneSpy spyware.
- PhoneSpy can find its way onto your phone without your knowledge.
- The apps that carry it look very legitimate, making them hard for people to identify.
A new spyware may be targeting your Android phone and trying to steal your personal data, researchers have found. PhoneSpy is a new spyware campaign that has South Korean users of Android devices in its clutches right now, but it will only be a matter of time till it spreads elsewhere. Researchers have noted that this spyware does not exploit existing vulnerabilities on a device but hides in plain sight by posing as a legitimate app, such as one for yoga instructions or streaming videos.
The biggest risk that PhoneSpy poses to your Android phone is that it can stealthily uninstall mobile security apps, researchers at mobile security firm Zimperium have discovered. PhoneSpy was found hiding inside as many as 23 apps that look benign and genuine, much like any other legitimate Android app. But it can do more harm than just impersonating Android apps. Researchers said PhoneSpy can access the camera of the phone it has targeted and use it to take photos and record videos in real time without the user’s knowledge. These photos and videos could be used for personal or corporate blackmail, and also for cyber-espionage.
That is scary as it is, but users who have mistakenly downloaded PhoneSpy-infected apps can stay alert by watching for unusual behaviour. These apps ask for excessive on-device permissions, and that should be a red flag for you. But if you miss that and give these apps the permissions they ask for, you would be allowing PhoneSpy to take control, hide itself from your phone’s app menu and track you in the background. Since the apps are not visible in the app menu, users cannot interrupt PhoneSpy’s stealing process, Zimperium’s Richard Melick told TechCrunch.
PhoneSpy has apparently still not made its way to the Google Play Store. Neither was it found inside other app marketplaces on Android. But, according to researchers, the spyware is spreading to phones through distribution methods based on web traffic redirection or social engineering. Simply put, these are tactics that attackers use to lure people into performing certain actions for a reward, but victims end up downloading phony apps. There is also a high chance that victims will hand over their personal and confidential data while completing these actions.
Right now the headcount of victims stands at 1,000, and all of them are in South Korea, according to Zimperium. But who knows when it will spread and start claiming more innocent Android phone users? Since PhoneSpy belongs to the category of spyware that masquerades as legitimate apps, it is very hard to track. It also shares similarities with previously discovered spyware and stalkware programmes, which, according to researchers, could be the attackers' way of compiling and combining features from different programmes. Using off-the-shelf code makes it easy to hide the identity of the spyware.
Zimperium claims to have tipped off authorities in South Korea and the US, but the spyware is still active and spreading fast. So, keep away from suspicious apps if you do not want your data to be stolen for nefarious purposes.