38.9 F
Washington D.C.
Wednesday, February 1, 2023

Mobile Cyberespionage Campaign Distributed Through CallerSpy Mounts Initial Phase of a Targeted Attack, Trend Micro Finds

We found a new spyware family disguised as chat apps on a phishing website. We believe that the apps, which exhibit many cyberespionage behaviors, are initially used for a targeted attack campaign. We first came across the threat in May on the site http://gooogle[.]press/, which was advertising a chat app called “Chatrious.” Users can download the malicious Android application package (APK) file by clicking the download button indicated on the site.

The website became inactive for months after that encounter in May. We only noticed that it came back in October, this time with a different app called “Apex App.” We have identified this as a spyware family that can steal user’s personal information. Trend Micro detects both of the threats as AndroidOS_CallerSpy.HRX.

CallerSpy claims it’s a chat app, but we found that it had no chat features at all and it was riddled with espionage behaviors. When launched, CallerSpy initiates a connection with the C&C server via Socket.IO to monitor upcoming commands. It then utilizes Evernote Android-Job to start scheduling jobs to steal information.

Read more at Trend Micro

Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

- Advertisement -

Latest Articles