Android Surveillance Malware Poses As Privacy Tool

A malware strain with “massive” surveillance capabilities has been repackaged to run invisibly alongside a popular privacy tool, researchers have found.

The Android malware framework Triout has been detected in a limited number of infections, leading researchers at Bitdefender to believe that it is used under targeted circumstances to conduct espionage on particular individuals.

Triout is typically bundled with a corrupted version of a legitimate application, and hides its activities on the device and its communications with the command and control server.

Meanwhile, it records phone calls, logs incoming text messages, records videos, takes pictures and collects the device’s GPS coordinates, Bitdefender said.

Triout has been found hidden in a corrupted version of Psiphon, a legitimate anti-censorship tool.

Privacy tool

A previous version of Triout detected in August of last year was built into an adult content app, but the new version is attached to a legitimate tool called Psiphon that allows users to bypass restrictions, such as state-imposed blocks, in order to access internet content.

“Ironically, while the original legitimate application is advertised as a privacy tool that enables access to the open internet, when bundled with the Triout spyware framework it serves the exact opposite purpose,” Bitdefender analyst Liviu Arsene wrote in an advisory.

The application has more than 50 million installs and claims to have more than 12 million active daily users, which Bitdefender said may be why it was targeted by the Triout malware authors.

The version of Psiphon on Google Play is clean; the Triout malware appears only in altered versions found on third-party app stores, researchers said.

The firm noted that, aside from its spyware activities, the malware contains three adware frameworks “to generate some revenue on the side”.

The firm said it discovered the new version of Triout in October 2018 and found that it was active from May to December of last year, with at least seven devices infected, including five in South Korea and two in Germany. The previous iteration appeared to target users in Israel.

Espionage

The new iteration also shifts its command server to a legitimate-looking e-commerce website in France.

Bitdefender suggested the malware may have been targeted at particular individuals via social engineering techniques or a targeted online campaign.

Arsene said the popularity of Android devices makes them a natural target for espionage.

“The fact that new samples are emerging and that threat actors are using extremely popular apps to bundle the malware, may herald more incidents such as this in the near future,” he wrote.

Bitdefender recommends that users use Google’s official app store, run security software that can detect Android malware, and keep the Android operating system up to date with security patches.

Matthew Broersma

Matt Broersma is a long-standing tech freelance, who has worked for Ziff-Davis, ZDNet and other leading publications.
