Android surveillanceware operators jump on the coronavirus fear bandwagon
An 11-month-old surveillance campaign is the latest to exploit pandemic fears. …
reader comments
12 with 11 posters participating
Researchers have uncovered a mobile surveillance campaign that has used more than 30 malicious Android apps to spy on targets over the past 11 months. Two of the most recent samples are exploiting the coronavirus by hiding off-the-shelf surveillanceware inside apps that promise to provide information about the ongoing pandemic.
One of the apps, “corona live 1.1,” is a trojanized version of “corona live,” a legitimate app that provides an interface to data found on this tracker from Johns Hopkins University. Buried inside the spoofed app is a sample of SpyMax, a commercially available piece of surveillanceware that gives attackers real-time control of infected devices. A second app used in the same campaign is called “Crona.” The campaign, which has been active since April 2019 at the latest, was discovered by researchers from mobile-security provider Lookout.
“This surveillance campaign highlights how in times of crisis, our innate need to seek out information can be used against us for malicious ends,” Lookout researcher Kristin Del Rosso wrote in a post published on Wednesday. “Furthermore, the commercialization of off-the-shelf’ spyware kits makes it fairly easy for these malicious actors to spin up these bespoke campaigns almost as quickly as a crisis like COVID-19 takes hold.”
Lookout researchers uncovered the ongoing campaign when analyzing “corona live 1.1.” While the app appeared to be in the early stages of development, it had a hard-coded address of its control server. When examining the control server domain, the researchers found that it was being used by 29 or so other apps, all of which
Continue reading – Article source
