Android has been long targeted by attackers. There have been multiple cases of Android malware and ransomware, and even cryptocurrency miners posing as apps. Android has always been lucrative for malicious actors, and the quickly evolving threat landscape for the mobile operating system is a constant proof.
With that in mind, it comes to no surprise that Trend Micro researchers came across a type of malware posing as apps deployed for cyber espionage purposes. For now, only users in the Middle Eastern countries have been targeted, but the attack vector could quickly change depending on the group operating the malware. The apps were published on Google Play and third-party app stores. Because of the name of the malware’s payload, watchdog, the researchers named the apps AnubisSpy.
It’s believed that the AnubisSpy malicious operation is tied to the Sphinx cyber espionage campaign also known as APT-C-15. File structures, command and control servers and targets in the two campaigns are strikingly similar, meaning that the same group is likely behind both of them.
AnubisSpy Android Malware Capabilities
According to the research, the malware can steal SMS messages, photos, videos, contacts, email accounts, calendar events, and browser histories. It can also take screenshots and record audio, calls inclusive. Not only this, but it can also spy on the victim via apps installed on the device. This list is in the configuration file and can be updated, and apps like Skype, WhatsApp, Facebook and Twitter are included.
Once all the data is collected by the AnubisSpy malware, it is encrypted and sent to the command and control server. What is worse is that the malware is capable of self-destruct meaning that it can cover all of its tracks. AnubisSpy can run commands and delete files on the device, as well as install and uninstall Android Application Packages (APKs), the researchers discovered.
AnubisSpy and Android: What Are the Consequences for the Mobile Landscape?
“Persistent and furtive spyware is an underrated problem for the mobile platform,” Trend Micro researchers point out.
While cyberespionage campaigns on mobile devices may be few and far between compared to ones for desktops or PCs, AnubisSpy proves that they do indeed occur, and may have been more active than initially thought.
Earlier this year, researchers at G Data discovered that 750,000 new Android malware apps had been discovered only in the first quarter of 2017. This means that approximately 8,400 new malware instances were unveiled every day.
How Can Android Users Protect Their Devices?
All this Android malware simply means that thorough protection is crucial to Android security.
In other words, an effective security solution is becoming increasingly important for smartphones and tablets. This software should implement a virus scanner that checks the mobile device for the various types of evolving malware targeting Android. It should also include surfing and phishing protection to secure users against dangerous emails and websites.
Android devices should be protected and should be treated as thoughtfully as Windows computers. Keeping both the operating system and the installed applications up-to-date is crucial. Running the latest Android version is essential to security. In addition to this necessity, new devices appear all the time, some of them low budget thus preferred by consumers. What is troublesome with Android that, unlike Windows, it’s not exactly clear with all the third-party providers how long a device will be updated with the needed security patches.