Short Bytes: Security researchers have identified a malware named SpyDealer, which affects Android smartphones running Android versions between 4.4 KitKat and 2.2 Froyo. SpyDealer abuses a popular rooting app to gain root permissions. After that, the malware gets the power to exfiltrate private data from more than 40 apps, including Facebook, WhatsApp, etc.
A few days ago I told you about the CopyCat malware for Android smartphones, which infected about 14 million devices and earned its authors about $1.5 million via fraudulent ads. Now, the security researchers at Palo Alto Networks have identified a malware that has the power to hack 40 or more social media accounts.
Before I go ahead and tell you the details of the malware, let me inform you that this malware, called SpyDealer, affects only the Android versions between 4.4 KitKat and 2.2 Froyo. These users account for about 25% of the total Android users, i.e., 500 million.
What does SpyDealer malware do?
SpyDealer has advanced capabilities like exfiltrating private data from more than 40 popular apps. The list of the targeted apps includes the following:
WeChat, Facebook, WhatsApp, Skype, Line, Viber, QQ, Tango, Telegram, Sina Weibo, Tencent Weibo, Android Native Browser, Firefox Browser, Oupeng Browser, QQ Mail, NetEase Mail, Taobao, and Baidu Net Disk
SpyDealer malware abuses the Android Accessibility Service feature for stealing sensitive messages from the above-mentioned communication applications. This malware also puts your personal information at risk, like phone number, IMEI, SMS, contacts, call history, WiFi information, etc. The malware abuses the popular Baidu Easy Root app to gain root privileges.
That’s not all. The SpyDealer malware also has the capability to remotely control the device via UDP, TCP, and SMS channels. As SpyDealer has complete control over the device, it can record calls, take photos and monitor the device location.
According to the Palo Alto Networks researchers, the malware hasn’t been able to penetrate the Play Store and use it as a distribution channel. They suspect that the malware initially spread via compromised wireless networks of Chinese users.
As per the latest data, 1046 samples of SpyDealer have been identified, and the malware is still under active development.
You can read the detailed technical information on SpyDealer malware by visiting this article by Palo Alto Networks.