By Staff Reporter, | September 19, 2016
A spyware has been found hidden in four apps on the Play Store. The apps have since been removed from the platform.
Google has removed four apps from its official Play Store which were identified to be infected with spyware. Researchers from Lookout's Security Research & Response revealed that the spyware is capable of harvesting a "significant amount" of device and user data.
Like Us on Facebook
The spyware dubbed as Overseer, lurking behind the four apps, could steal a user's name, phone number, email address and contact history. Security researchers from Lookout found a host of sensitive user information, such as a user's precise location, including latitude and longitude, network ID, internal and external memory, phone type, network operator, device and Android information, Device IMEI, IMSI, MCC, MNC and details about installed packages were also being stolen by Overseer.
Personal data from users including location area code, the version of Android a device is running, its user build and whether the device has been rooted was also being harvested.
"Overseer interested us for a few reasons. First, it targets foreign travelers, with its core functionality of searching for the embassies' locations. For example, enterprise executives could be impacted by Overseer if they had downloaded the Embassy app during business travel," Lookout director Kristy Edwards and security analyst Michael Flossman revealed in a blog post.
Overseer was discovered hiding in one app that was used by travelers as an Embassy search tool to guide them to their country's embassy while they are traveling abroad. The malware was also found as a Trojan in a Russian and European news app for Android.
The researchers pointed out that this malware was communicating with a control and command server (CNC) using Facebook's open source Parse Server which is based on Amazon Web Services cloud. The malware's command and control center could make use of HTTPS and a server based in the US to essentially remain hidden. The fact that the CNC is on a popular cloud service gives the impression that its traffic was legitimate making it less likely to be detected.
-
Use of Coronavirus Pandemic Drones Raises Privacy Concerns: Drones Spread Fear, Local Officials Say
-
Coronavirus Hampers The Delivery Of Lockheed Martin F-35 Stealth Fighters For 2020
-
Instagram Speeds Up Plans to Add Account Memorialization Feature Due to COVID-19 Deaths
-
NASA: Perseverance Plans to Bring 'Mars Rock' to Earth in 2031
-
600 Dead And 3,000 In The Hospital as Iranians Believed Drinking High-Concentrations of Alcohol Can Cure The Coronavirus
-
600 Dead And 3,000 In The Hospital as Iranians Believed Drinking High-Concentrations of Alcohol Can Cure The Coronavirus
-
COVID-19: Doctors, Nurses Use Virtual Reality to Learn New Skills in Treating Coronavirus Patients