Earlier this month, we warned you about the ad-click malware DressCode embedded in more than 40 Google Play apps. Thankfully, these apps have already been scrubbed from Google's app store and it looks like this threat has been contained.
Yesterday, however, security researchers from Lookout discovered a new type of spyware lurking in four official Google Play apps. The new malware, named Overseer, is reportedly programmed to steal a "significant amount of information from an infected device."
This stolen information includes:
- User's contact names, phone numbers, emails and times contacted
- All user accounts on the victim's device
- Base station location data, area code and network ID
- Installed app packages, permissions and whether they were sideloaded
- Internal and external memory free space
- Device information including IMEI, phone type, network operator, device ID and model
- Android version and ID
- Whether a device has been rooted
One of the poisoned apps is an embassy search tool simply called "Embassy" that is supposed to aid travelers abroad. The remaining three are foreign news apps including "Europe News" and "Russian News." Judging by their low download numbers and fake reviews, these apps appear to have been created solely to distribute the malware.
The researchers note that since Overseer appears to be targeting foreign travelers, enterprise executives could be affected, especially if they have used the embassy search app in their business travels. Overseer also hides its command-and-control server communications behind Facebook's Parse Server within Amazon Web Services.
Protect yourself from mobile malware
As evidenced by the number of hidden malware apps even in the official Google Play store, it's imperative that you always check user reviews and ratings before you download and install an app.
Also, stay informed about the latest malware threats by checking news sites like komando.com. We always strive to give you timely information about the newest cybersecurity dangers that arise every day.