What Android Users Need To Know About New Malware
Recently, McAfee’s Mobile Research Team uncovered a new type of Android mobile malware - dubbed SpyAgent - which targets mnemonic keys by scanning your device for any images that may contain them. A mnemonic key is essentially a 12-word phrase that helps you recover your cryptocurrency wallets.
The malware cleverly disguises itself as various trustworthy apps, ranging from banking and government services to TV streaming and utilities.
Once one of the fake apps is installed and launched, SpyAgent begins to steal sensitive information and sends it to a remote server controlled by the hackers.
They often distract users with endless loading screens, unexpected redirects or brief blank screens to hide their true activities. The types of data it targets include:
- Contacts: The malware pulls the device’s entire contact list, which could be used for further deceptive practices or to spread the malware even further.
- SMS Messages: It captures and sends out all incoming SMS messages, which might include private codes used for two-factor authentication or other important information.
- Photos: The app uploads any images stored on the device to the attackers’ server. These could be personal photos or other sensitive images.
- Device Information: It gathers details about the device itself, like the operating system version. This information helps the attackers customise their malicious activities to be more effective.
The continuous evolution of this malware highlights the ever-changing and sophisticated nature of cyber threats today. We discovered that the perpetrators behind SpyAgent are utilising optical character recognition (OCR) technology - the process of converting an image of text into a machine-readable text format - to analyse and misuse stolen data for financial benefits.
As the malware advances, employing more intricate methods, forecasting its next moves becomes increasingly challenging. Cybercriminals are constantly enhancing their tactics to better infiltrate and manipulate user environments, escalating the danger posed by these threats over time.
Although the SpyAgent malware isn’t widely prevalent, its impact intensifies when it uses a victim’s contacts to send deceptive SMS messages. These phishing messages, seemingly sent by a familiar contact, are more likely to be trusted and acted upon by recipients.
For instance, an obituary notice appearing to come from a friend’s number could be perceived as real, greatly raising the likelihood of the recipient engaging with the scam, especially compared to phishing attempts from unknown sources. This strategy introduces a deceptive layer that significantly enhances its effectiveness.
Early detection of such malware is critical to prevent its proliferation, minimise potential harm and curb further escalation. In response, the McAfee team has taken proactive steps by reporting the active URLs to the relevant content providers, who have promptly removed them.
In today’s evolving cyber threat landscape, it’s crucial for people to be cautious about how they download and install apps and which permissions are granted. Android users should only use the official Google app store as these apps will have been verified before they were made available to download and install.
It may also be worth considering a comprehensive online protection solution which can protect you from the latest smishing and phishing campaigns.
Oliver Devane is Senior Security Researcher at online protection company at McAfee
Image: Denny Müller
You Might Also Read:
Google's App Store - Full Of Spyware:
If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.
- Individual £5 per month or £50 per year. Sign Up
- Multi-User, Corporate & Library Accounts Available on Request
- Inquiries: Contact Cyber Security Intelligence
Cyber Security Intelligence: Captured Organised & Accessible