Sophisticated Surveillance Malware Spotted on Android and iOS Phones


Most of the malware targeting phones is the product of, at most, a handful of disaffected people looking to make a quick buck. That’s not the case with a new strain of malware found on both Android and iOS devices. Security researchers believe this malware is based on so-called “lawful intercept” software in use by law enforcement and governments.

The privacy organization Security Without Borders detected the Android malware first, which it dubbed Exodus. The installer package was bundled inside APKs on numerous phishing sites, as well as in several apps that snuck into the Play Store. Users needed to install the app manually in either case, but it was much harder to do so with the phishing sites because of Android’s security features. You don’t pick up Exodus just browsing the web, but that doesn’t appear to be the creator’s goal.

Exodus is a sophisticated piece of malware. The infected app includes a dropper that collects basic details about the phone, such as the IMEI and phone number. It sends those to a command-and-control server, which almost immediately pushes down the next phase of the malware. This phase consists of multiple binary packages aimed at tracking the device. The third stage uses a Linux exploit called DirtyCOW to attempt root access, which would allow it to collect any and all data on the phone.

With a rooted phone, Exodus could extract passwords, chat logs, contacts, and create local audio and video recordings. Luckily, Google patched DirtyCOW in 2016, so any recently updated phone is immune. Without the third phase, Exodus is limited to only gathering data available to other apps.
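The article's point that only phones missing the 2016 DirtyCOW fix are exposed to the third stage is something a defender will want to check across a fleet. The following is an added triage helper, not code from the article, from Security Without Borders or from Lookout. It reads Android `getprop`-style output (the real `ro.build.version.security_patch` property) and flags devices whose security patch level predates the fix. The cut-off date is an assumption: DirtyCOW is CVE-2016-5195, and the helper assumes the December 2016 Android security patch level as the first fixed level; adjust `DIRTYCOW_FIXED_PATCH_LEVEL` if your records say otherwise. The sample device output is constructed for the example.

```python
"""Fleet triage: which Android devices could still be rooted by the
third-stage DirtyCOW (CVE-2016-5195) exploit the article describes?

Added example, not part of the original article. Input is the text of
`adb shell getprop` for each device; only the security patch level is used.
"""
import re
from datetime import date

# Assumption: the DirtyCOW fix shipped with the December 2016 Android
# security patch level. Devices reporting an earlier level are treated as
# exposed to the third stage; later levels are treated as immune.
DIRTYCOW_FIXED_PATCH_LEVEL = date(2016, 12, 5)

# getprop prints properties as "[name]: [value]"; this is the real property name.
PATCH_RE = re.compile(
    r"\[ro\.build\.version\.security_patch\]: \[(\d{4}-\d{2}-\d{2})\]"
)


def parse_patch_level(getprop_output: str):
    """Return the device's security patch level as a date, or None if absent/garbled."""
    match = PATCH_RE.search(getprop_output)
    if not match:
        return None
    try:
        year, month, day = (int(part) for part in match.group(1).split("-"))
        return date(year, month, day)
    except ValueError:
        # A malformed date (e.g. month 13) is treated the same as a missing one.
        return None


def dirtycow_exposed(getprop_output: str) -> bool:
    """True if the third-stage root exploit could still work on this device.

    Unknown patch levels are reported as exposed: a triage helper should
    err on the side of flagging a device rather than silently clearing it.
    """
    level = parse_patch_level(getprop_output)
    if level is None:
        return True
    return level < DIRTYCOW_FIXED_PATCH_LEVEL


def triage(devices: dict) -> dict:
    """Map each device name to whether it is exposed to the DirtyCOW stage."""
    return {name: dirtycow_exposed(output) for name, output in devices.items()}


# Constructed sample getprop excerpts for three hypothetical devices.
SAMPLE_DEVICES = {
    "phone-a": (
        "[ro.build.version.release]: [6.0.1]\n"
        "[ro.build.version.security_patch]: [2016-07-01]\n"
    ),
    "phone-b": (
        "[ro.build.version.release]: [9]\n"
        "[ro.build.version.security_patch]: [2019-03-05]\n"
    ),
    # Older firmware that never reported a patch level at all.
    "phone-c": "[ro.build.version.release]: [5.1]\n",
}

if __name__ == "__main__":
    for name, exposed in triage(SAMPLE_DEVICES).items():
        status = "EXPOSED (patch level before fix or unknown)" if exposed else "patched"
        print(f"{name}: {status}")
```

Devices without the third stage can still run the first two, so a "patched" result here only means the root escalation path is closed, not that the dropper's data collection is; the article's distribution channels (phishing sites and look-alike apps) are the control point for those.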


The iOS variant was harder to find because the distribution was somewhat sneakier, but the antimalware firm Lookout detected it. The attackers set up websites that appeared to belong to Italian and Turkmenistani mobile carriers. They used Apple’s Developer Enterprise program, which allows companies to install custom apps on employee devices. The apps pretended to be mobile carrier assistance apps, but they could exfiltrate data like contacts, photos, GPS locations, and more.

Currently, the number of infected devices is believed to be quite small — in the hundreds or possibly thousands. This is a targeted attack, suggesting an intelligence motive rather than general mayhem. It is unlikely your phone is affected unless you’ve been cruising suspicious Italian websites.
