Fake apps are infecting smartphones with the ultimate spyware

Remember the Syrian Electronic Army (SEA)? It’s a hacking group that wreaked havoc around four years ago by taking over the websites of major news organizations, including The New York Times, Reuters, The Telegraph, The Independent and Forbes.

The SEA has been dormant in the West for years, concentrating on Syrian targets in the interim. But new evidence shows that the SEA is actively launching global attacks again, unleashing smartphone malware that’s designed for total surveillance.

Read on and learn more about the SEA’s new method of attack.

Trojan apps

New research from cybersecurity firm Lookout, presented during this year’s Black Hat Europe conference, has revealed that the SEA has expanded its hacking toolset, which now includes the entire SilverHawk “surveillanceware” family.

The SEA is also ramping up its attacks by creating Trojanized fake versions of popular apps. Lookout has identified over 30 Trojanized versions of popular Android apps that are infected with SilverHawk, including WhatsApp, Microsoft Word, YouTube and Telegram.

As usual, these fake apps are distributed via unofficial third-party Android app stores and attachments in phishing emails.

SilverHawk – the ultimate spyware

Once installed and given system-wide permissions, SilverHawk can take over an entire smartphone’s functions and relay information back to its command-and-control server.

Designed as a complete surveillance tool, SilverHawk has extensive capabilities:

  • Record audio via the infected smartphone’s mic
  • Take photos with the built-in cameras
  • Read contacts, call logs and text messages
  • Copy, move, rename and delete a phone’s local files
  • Read files saved on external storage
  • Download other files to the target device including malware
  • List all installed apps including date and time installed
  • Track location and movement
  • Root access
  • Device information like battery levels, Wi-Fi status, carrier info

The SEA appears to be targeting WhatsApp and Telegram users more than anyone else, since the group releases more updates to the fake versions of these apps than to the others on the list. This makes sense, since SilverHawk’s surveillance abilities were largely designed to intercept and steal communications.

Based on Lookout’s report, it looks like SilverHawk has a direct connection with the remote access Trojan malware AndroRAT.

It’s interesting that SilverHawk samples ramped up at the same time AndroRAT samples dropped out.

Click here to view Lookout’s Black Hat Europe 2018 presentation slides.

Protect yourself from Android malware

SilverHawk is not the only large-scale Android threat out there! Android security risks are growing each day, so it’s vital that you take proactive measures to protect yourself.

  • Avoid third-party app stores – As always, to protect yourself against SilverHawk, AndroRAT and other Android malware, the best practice is to avoid downloading and installing apps from “Unknown Sources.” Only download apps from the official Google Play app store and make sure you check user reviews, too, before installing.
  • Never open risky attachments in emails – Don’t open attachments from unsolicited emails. These attachments from fake emails are typically vectors for infections.
  • Be cautious with links – Be careful with links and websites you visit. Drive-by malware downloads could happen anytime without you knowing it. Don’t grant any system permissions to prompts coming from unknown sources.
  • Update your gadget – Make sure that you have downloaded the latest security and operating system updates. These updates usually include patches to help protect your device from the most recent threats.
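
For readers who administer Android devices, here is an added example (not from the article or from Lookout) that turns the advice above into a check: it flags apps that were not installed by Google Play and that request several of the permissions behind the capabilities listed earlier. It assumes installer data in the format printed by `adb shell pm list packages -i -3` and a per-app list of requested permissions collected separately; the permission mapping, the threshold and the `com.example.*` package names are assumptions made for illustration.

```python
import re

PLAY_INSTALLER = "com.android.vending"  # Google Play's installer package

# Capabilities from the article's list mapped to the Android permissions that
# gate them (this mapping is the example's assumption, not Lookout's data).
SURVEILLANCE_PERMS = {
    "android.permission.RECORD_AUDIO": "record audio",
    "android.permission.CAMERA": "take photos",
    "android.permission.READ_CONTACTS": "read contacts",
    "android.permission.READ_CALL_LOG": "read call logs",
    "android.permission.READ_SMS": "read text messages",
    "android.permission.READ_EXTERNAL_STORAGE": "read external storage",
    "android.permission.ACCESS_FINE_LOCATION": "track location",
}
LINE_RE = re.compile(r"^package:(\S+)\s+installer=(\S+)$")

def parse_installers(pm_output):
    """Map package -> installer from `adb shell pm list packages -i -3` text."""
    pairs = (LINE_RE.match(line.strip()) for line in pm_output.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def audit(pm_output, requested, threshold=4):
    """Flag apps not installed by Google Play that request at least
    `threshold` (a heuristic cut-off) of the surveillance permissions."""
    findings = {}
    for pkg, installer in parse_installers(pm_output).items():
        if installer == PLAY_INSTALLER:
            continue
        caps = sorted(SURVEILLANCE_PERMS[p] for p in requested.get(pkg, ())
                      if p in SURVEILLANCE_PERMS)
        if len(caps) >= threshold:
            findings[pkg] = caps
    return findings

# Constructed sample input; the com.example.* package names are hypothetical.
SAMPLE_PM = """package:com.whatsapp  installer=com.android.vending
package:com.example.chatupdate  installer=null
package:com.example.flashlight  installer=null
"""
SAMPLE_PERMS = {
    "com.whatsapp": list(SURVEILLANCE_PERMS),
    "com.example.chatupdate": list(SURVEILLANCE_PERMS)[:5],
    "com.example.flashlight": ["android.permission.CAMERA"],
}

if __name__ == "__main__":
    for pkg, caps in audit(SAMPLE_PM, SAMPLE_PERMS).items():
        print(f"{pkg}: sideloaded, can {', '.join(caps)}")
```

A flagged app is a lead for manual review, not proof of infection: apps delivered by a vendor store or a device-management tool also show a non-Play installer.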