Trend Micro specialists have discovered the CallerSpy malware, which they believe may be part of a larger cyber-espionage campaign. The malware targets Android users and is designed to track calls, text messages and so on.
Researchers first noticed the threat back in May of this year, when a fake Google page advertised a chat application called Chatrious. Soon after the discovery, the page with the APK file disappeared, and the malware was spotted again only in October of this year, this time disguised as a chat application called Apex App. Both applications were merely a front for the CallerSpy malware.
The malicious site hosting the CallerSpy-infected applications mimics Google, although a quick check of the URL shows an extra letter “o” in the word “Google”. Unfortunately, some mobile browsers do not always display this information, and it is not always noticeable. Experts note that the domain was registered in February 2019, but there is no information about its owners.
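The URL check described above can be automated for proxy or DNS logs. The following is an added example, not code from Trend Micro or from the original article; the brand list, the function names and the sample hostnames are assumptions constructed for illustration.

```python
import re

# Assumption: brands to protect, mapped to their legitimate registrable domains.
BRANDS = {"google": {"google.com"}}


def collapse(token: str) -> str:
    """Collapse runs of a repeated character, e.g. 'gooogle' -> 'gogle'."""
    return re.sub(r"(.)\1+", r"\1", token)


def is_legitimate(host: str) -> bool:
    """True if the host is a protected brand's own domain or a subdomain of it."""
    return any(
        host == domain or host.endswith("." + domain)
        for domains in BRANDS.values()
        for domain in domains
    )


def lookalike_of(hostname: str):
    """Return the brand a hostname imitates, or None.

    A token (split on dots and hyphens) is a lookalike when it matches a brand
    after repeated letters are collapsed, so an added or dropped repeated
    letter is caught even though the brand itself contains a doubled letter.
    """
    host = hostname.lower().rstrip(".")
    if is_legitimate(host):
        return None
    for token in re.split(r"[.-]", host):
        for brand in BRANDS:
            if collapse(token) == collapse(brand):
                return brand
    return None


if __name__ == "__main__":
    # Constructed sample hostnames, not indicators from the report.
    for name in ["gooogle.example", "www.google.com",
                 "chat.gooogle-apps.example", "goggles.example"]:
        print(f"{name:28} -> {lookalike_of(name)}")
```

Because both sides of the comparison are collapsed, a brand token used unchanged on an unrelated domain is flagged as well.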
Although the malware was distributed under the guise of chat applications, the apps contain no chat functionality at all; instead, they are packed with spyware functions.
Researchers say that after being downloaded and launched, the applications connect to the command-and-control server and wait for further commands. At its operators' command, CallerSpy can collect call logs, text messages, contact lists and files on the device, use the microphone to record ambient sound, and take screenshots of any user actions. All stolen data is sent to the attackers.
So far, Trend Micro experts cannot say what the attackers' motives are or whom this malicious campaign is aimed at, since no CallerSpy infections have yet been detected among users.
Although CallerSpy currently targets only Android users, the download section of the site hosting the fake chat application suggests that the attackers also plan to distribute versions for Apple and Windows. This may indicate that CallerSpy will later be part of a larger malware campaign.