Experts in the field of information security from Palo Alto Networks (Santa Clara, CA, USA) has identified a new Trojan SpyDealer able to steal users ‘ personal information more than 500 million devices running Andriod OS. The malware uses the most popular instant messengers, SMS and record phone conversations of the user. In addition, the Trojan can take photos with the camera of the infected smartphone.
Specialists Palo Alto found that the distribution SpyDealer is via platform GoogleService and GoogleUpdate, or unprotected Wi-Fi connections, which are often located in public places. Infiltrating and settling on the device, SpyDealer begins to control all ongoing downloads and wireless connection status. Management of malicious program with the SMS commands, the number of which reaches 50. Performing transferred from the remote server command, the Trojan can steal any user’s personal data, including phone number, IMEI data, IMSI, SMS and MMS messages, list of contacts, location data and information about current wireless connections. The interception of communications is carried out using special features Android AccessibilityService.
Under threat of loss of personal data was the most common users of instant messenger: WeChat, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Facebook from the app. In addition to the threat experienced by users of preinstalled browser Android, Firefox and Oupeng, email clients QQ Mail, NetEase Mail, Taobao and Baidu Net Disk. SpyDealer will be able to answer phone calls from specified number, record phone conversations and make unauthorized pictures with both cameras smartphone. There are over 40 applications that Trojan has access to. Thus, SpyDealer can serve as the perfect spy, able not only to steal information but also to conduct surveillance of his victim.
Currently, the largest number of victims from SpyDealer users are concentrated in China, the same country is and the majority of the command servers (but the server is in USA). The greatest threat experienced by smartphones with Android OS versions from 2.2 to 4.4, for future versions, bug fixes and some threats have been eliminated. However SpyDealer can steal information from smartphones running the Android OS 5 and higher versions.
According to experts in the world at the moment, there are about 2 billion Android smartphones, among which about a quarter are working under outdated versions of the operating system. Consequently, about 500 million users risk being exposed to the attack of Trojan SpyDealer. While SpyDealer rapidly evolving and improving, and in the future he may be able to effectively attack and smartphones running recent versions of Android OS.
Source: Palo Alto Networks