More than 1,000 mobile phone users in South Korea have been targeted with a powerful piece of Android spyware as part of an ongoing campaign, according to a new report from Zimperium zLabs.
Dubbed PhoneSpy, the malware was designed with extensive spyware capabilities inside, such including data theft, audio and video capture, and location monitoring.
The malware was not found in any Android application stores, a suggestion that the attackers are employing different distribution methods, such as social engineering and web redirects. A total of 23 applications used in this campaign were identified to date, according to a report from Zimperium.
The threat masquerades as various lifestyle applications that allow users to watch TV or videos, or browse photos, but in reality it steals as much data from the infected devices as possible, including calls, messages, photos, and other types of data.
It also allows an attacker to remotely control the compromised devices, providing them with access to the camera and microphone to take pictures and record audio and video, as well as to the GPS, to get the device’s precise location.
In addition to grabbing calls, contact information, and messages from the infected devices, PhoneSpy can send SMS messages with attacker-controlled content. It can also display a fake login page for the Kakao Talk messaging app to steal users’ credentials.
“While the victims have been limited to South Korea, PhoneSpy is an example of how malicious applications can disguise their true intent. When installed on victims’ devices, they leave personal and corporate data at risk,” Zimperium said.