Spywares are malicious applications that are used by cybercriminals to spy on steal data from devices. Smartphones are a lucrative target as they contain everything from banking details to personal information of a user. Authorities recently took down a spyware found earlier this month that used to carry out such attacks on Android devices of unsuspecting individuals by disguising itself as a harmless application.
PhoneSpy was discovered hiding in 23 Android applications meant for purposes ranging from learning Yoga to watching TV and videos, or browsing photos. The spyware was active in South Korea. It used to steal data, messages, images, and even granted remote control of infected Android phones to criminals.
The stolen data included personal photos to corporate communications. Zimperium, the cybersecurity agency that discovered the spyware updated on November 22 that PhoneSpy is no longer active and its command and control server has been taken down. The infected devices too are no longer under the control of the attackers, the agency further added.
While the applications carrying PhoneSpy were not listed on Google Play Store, attackers used web traffic redirection or social engineering platforms to distribute the spyware.
Once inside your device, PhoneSpy could steal crucial data including images, call logs, contact and messages, get the complete list of installed apps, record audio and video in real time using cameras and microphone on the phone, extract device information like IMEI number, device name and brand, and can even grant remote access to the device.
After installation and launch, the infected apps would show a sign up page for Kakao which can be used to login into other services in South Korea with the Single-Sign-On feature. The sign on page was followed by an error message. In some cases, the app itself was a façade, with none of the advertised functionality. In other cases, like photo viewers, the app worked as advertised with PhoneSpy working in the background.
How to protect your phone from spyware
First and foremost, never download and install any app on your smartphone from an unreliable source. Always use Google Play Store to find and install applications on Android devices.
As seen in the case of some PhoneSpy apps, users received an error message after trying to log in to the application. Any such abnormal behaviour is suspicious and could be an indication that the application has a malware.
Also, never click on suspicious links or install unverified applications you receive via mail or text messages. Be mindful of how a log in page you usually use looks. Any deviation from the original layout or minor errors in the log in page could be a sign that you’re being targeted by cybercriminals.
