An ongoing Android malware campaign called Triout is recording calls, collecting photos, and reporting your location.
In 2016, an app called “Sex Game” was available in the Google Play store. And while it was legitimate, the bluntly titled app did not last long in the store. Soon it was gone.
Now, two years later, it’s back...but not really. It is not available in the Google Play store, though it shows off a Google Debug Certificate. You’ll only find it in shady third-party markets, and it is loaded with a spyware called Triout. It reportedly functions just as the 2016 version of the app did, but underneath the 2018 version is secret surveillance.
Researchers have found that once the phony app is activated, Triout is downloaded onto your phone, and the spyware proceeds to:
Looking at such sophisticated and stealthy spyware, one wonders if it is simply being tested in the wild by its developers, but intended for larger and more specific espionage uses. In the meantime, these fake apps are still out there, and the spyware is still claiming victims.
Avast Threat Intelligence Director Michal Salat comments, "The attackers show a surprising combination of behavior. On the one hand, the capabilities of the malware and the fact they weaponized an existing app and still kept its full functionality would point to a sophisticated attacker. On the other hand, the lack of a domain generation algorithm and obfuscation hints at low sophistication."
Noting the chilling component of this particular surveillance campaign, Michal adds, “This malware could also be very dangerous when used in a targeted attack because of its ability to track the physical location of the victim."
Stick to official app stores — While it may be tempting to search for a better deal in other venues, this is a time to go only with apps of which you are 100% sure. There are too many fake app scams to risk it. Avoid pirated copies of anything as well, as those notoriously come with malware stowaways.
Use a mobile antivirus — Keep a proactive defense on your Android so that if any malware, ransomware, adware, or spyware try to infiltrate, it’ll be blocked and rejected. With all the data we keep on our phones, they’re quickly becoming target #1 for cybercriminals. Install Avast Mobile Security and enjoy free Avast antivirus protection on your Android.
Plus check out these 4 additional tips for keeping your Android safe.
Information belonging to over 100 Italian banks breached by the Ursnif banking trojan was obtained by Avast Threat Labs, which then shared the data with as many of the victims as could be identified.
Avast researchers obtained information that the Ursnif banking Trojan has targeted 100 Italian banks and may have thousands of victims.