Are you one among five in the world who is lax about cyber attacks or isn't prone to changing your internet passwords regularly? If so, we have news for you. There is a new spyware on the prowl that sits on the Android-based smartphones and has the ability to remotely control your device.
While malware-infested applications have been common in recent times, the latest one called PhoneSpy has infected devices across the United States and South Korea, says a report on TechCrunch. It quoted Richard Mellick, of mobile security agency Zimperium, to suggest that the malware wasn't listed on Google Play Store.
However, the malware was found infecting 23 other Android apps that could go on to access a victim's camera to take pictures and record videos in real time without their knowledge. Researchers at Zimperium warned that such usage could result in personal or corporate blackmail and espionage.
- Is free anti-malware good enough? Here's our considered view
- Microsoft sounds alarm over 'highly evasive' banking malware
The report quoted the researched to suggest that the malware infestation could be detected if the users carefully analyze their web traffic patterns. The PhoneSpy app starts off by sending requests seeking on-device permissions. Once these are given by the user, attackers can control and hide the app from the main menu.
Since the spyware or any of its shadow apps were listed on Play Store, researchers are assuming that the attackers could be using distribution methods based on web traffic redirection or social engineering. The latter is used by cyber criminals in order to manipulate device owners into performing some actions voluntarily.
The story quotes Mellick to indicate that PhoneSpy could also be distributed through malicious and fake apps that could be downloaded or side-loaded into a device. The malware can steal data from messages, images, and calls besides accessing the list of installed apps and extract device information like IMEI number etc.
The spyware is also capable of uninstalling user-installed applications that includes mobile security apps. The spyware can also use phishing pages to harvest a user's credentials on social platforms such as Facebook, Instagram etc.
Though there are no reports of the malware hasn't struck in India till date, one can't be too careful about it. Zimperium recommends that Android users should not be installing apps from third-party app stores. We too recommend that users stay with only Google Play Store for all apps. And refrain from clicking on suspicious links or downloading any application that you receive via text messages or emails.