A new kind of mobile malware that can steal victims' personal information, including files and location data, is hidden under the guise of a chat app, according to new research from Trend Micro.
Since May, the new mobile malware, which Trend Micro dubs CallerSpy, has appeared on multiple occasions on a phishing site http://gooogle[.]press imitating apps such as Chatrious and Apex App. All users have to do to get infected is click the download button on the site, and then the spyware monitors for commands from the attackers’ command and control server.
It appears to only target Android users for now, according to Trend Micro. The company has not discovered any victims, according to its research.
CallerSpy, which Trend Micro assesses is a targeted espionage campaign, can collect call logs, text messages, contacts, and files from victims. It can also take screenshots and send them back to the command and control server, record audio, and track an infected device's location, raising concerns about vulnerable populations that could be unwittingly tracked by this spyware.
It is unclear what actors may be behind this new CallerSpy activity, but it is apparent that they have made efforts to obfuscate their identities by making their domain registrant information untraceable, according to Trend Micro. They have also worked to lull victims into a false sense of security: the domain gooogle[.]press imitates Google and carries an imitation copyright notice to better dupe users into downloading the spyware.
The new spyware has surfaced just as China has been using mobile malware to conduct mass surveillance and human rights abuses against its Muslim Uighur population in Xinjiang, according to Human Rights Watch and multiple cybersecurity firms. The Chinese government has, for instance, ordered security officials to monitor users of an app called Zapya, which allows users to exchange messages and share the Quran, according to files obtained by the International Consortium of Investigative Journalists.
Chat apps are particularly crucial modes of communication for populations that governments view as political opponents or threats, especially as governments take actions that could push vulnerable populations to seek less mainstream methods of communicating in the face of surveillance. China recently labeled 51 different networking activities as suspicious, including using encrypted communications apps like WhatsApp, as it determines which citizens to detain, which could push Uighurs to seek alternative communications platforms.