Android Surveillance Malware Poses As Privacy Tool

A malware strain with “massive” surveillance capabilities has been repackaged to run invisibly alongside a popular privacy tool, researchers have found.

The Android malware framework Triout has been detected in a limited number of infections, leading researchers at Bitdefender to believe that it is used under targeted circumstances to conduct espionage on particular individuals.

Triout is typically bundled with a corrupted version of a legitimate application, and hides its activities on the device and its communications with the command and control server.

Meanwhile, it records phone calls, logs incoming text messages, records videos, takes pictures and collects the device’s GPS coordinates, Bitdefender said.

Triout has been found hidden in a corrupted version of Psiphon, a legitimate anti-censorship tool.

Privacy tool

A previous version of Triout detected in August of last year was built into an adult content app, but the new version is attached to a legitimate tool called Psiphon that allows users to bypass restrictions, such as state-imposed blocks, in order to access internet content.

“Ironically, while the original legitimate application is advertised as a privacy tool that enables access to the open internet, when bundled with the Triout spyware framework it serves the exact opposite purpose,” Bitdefender analyst Liviu Arsene wrote in an advisory.

The application has more than 50 million installs and claims to have more than 12 million active daily users, which Bitdefender said may be why it was targeted by the Triout malware authors.

The version of Psiphon on Google Play is clean, with the Triout malware present only in altered versions found on third-party app stores, researchers said.

The firm noted that aside from its spyware activities the malware contains three adware frameworks “to generate some revenue on the side”.

The firm said it discovered the new version of Triout in October 2018 and found that it was active from May to December of last year, with at least seven devices infected, including five in South Korea and two in Germany. The previous iteration appeared to target users in Israel.

Espionage

The new iteration also shifts its command server to a legitimate-looking e-commerce website in France.

Bitdefender suggested the malware may have been targeted at particular individuals via social engineering techniques or a targeted online campaign.

Arsene said the popularity of Android devices makes them a natural target for espionage.

“The fact that new samples are emerging and that threat actors are using extremely popular apps to bundle the malware, may herald more incidents such as this in the near future,” he wrote.

Bitdefender recommends that users install apps from Google’s official app store, use security software that can detect Android malware, and keep the Android operating system up to date with security patches.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
