A new trojan is in the wild that seems to be part of a cyberespionage campaign. Dubbed CallerSpy, this Android malware masquerades as chat apps to trick users.
Researchers from Trend Micro have spotted new spyware in the wild targeting Android users. The malware, which they named ‘CallerSpy’, poses as Android chat apps to deceive users.
The researchers first found this malware in May this year, when it masqueraded as the app ‘Chatrious’. The site advertising this app, http://gooogle[.]press, disappeared shortly afterwards but is now back online. This time, it advertises another chat application, ‘Apex App’.
According to Trend Micro researchers, CallerSpy applications pose as chat apps but do not actually provide any chat functionality.
After a user downloads such an app, the malware installs on the target device, executes, and connects to a C&C server via Socket.IO. The malware then schedules jobs to carry out its spying and data-stealing activities. The collected information is then sent to the C&C server. More technical information about the malware is available in the researchers’ blog post.
Researchers currently deem this malware the beginning of a new cyberespionage campaign. They find that the CallerSpy apps are presently in the testing phase.
We at LHN, out of curiosity, did a quick Google search with the numbers associated with the Apex App. We found the number associated with a lot of websites. Moreover, all these websites also display the same contact address.
Some of these websites apparently advertise different apps, just like the site advertising Apex App. For example, TheLocationsFinder.info advertises a tracking app.
Other links claim to belong to digital marketing agencies. For instance, Panubin.com presents itself as a graphic design agency, whereas AppManiaTeam.com boasts an app development service.