What Android Users Need To Know About New Malware

Recently, McAfee’s Mobile Research Team uncovered a new type of Android mobile malware - dubbed SpyAgent -  which targets mnemonic keys by scanning your device for any images that may contain them. A mnemonic key is essentially a 12-word phrase that helps you recover your cryptocurrency wallets. 

The malware cleverly disguises itself as various trustworthy apps, ranging from banking and government services to TV streaming and utilities.

Once one of the fake apps is installed and launched, SpyAgent begins to steal sensitive information and sends it to a remote server controlled by the hackers. 

They often distract users with endless loading screens, unexpected redirects or brief blank screens to hide their true activities. The types of data it targets include:

  • Contacts: The malware pulls the device’s entire contact list, which could be used for further deceptive practices or to spread the malware even further.
  • SMS Messages: It captures and sends out all incoming SMS messages, which might include private codes used for two-factor authentication or other important information.
  • Photos: The app uploads any images stored on the device to the attackers’ server. These could be personal photos or other sensitive images.
  • Device Information: It gathers details about the device itself, like the operating system version. This information helps the attackers customise their malicious activities to be more effective.

The continuous evolution of this malware highlights the ever-changing and sophisticated nature of cyber threats today. We discovered that the perpetrators behind SpyAgent are utilising optical character recognition (OCR) technology - the process of converting an image of text into a machine-readable text format - to analyse and misuse stolen data for financial benefits. 

As the malware advances, employing more intricate methods, forecasting its next moves becomes increasingly challenging. Cybercriminals are constantly enhancing their tactics to better infiltrate and manipulate user environments, escalating the danger posed by these threats over time.

Although the SpyAgent malware isn’t widely prevalent, its impact intensifies when it uses a victim’s contacts to send deceptive SMS messages. These phishing messages, seemingly sent by a familiar contact, are more likely to be trusted and acted upon by recipients. 

For instance, an obituary notice appearing to come from a friend’s number could be perceived as real, greatly raising the likelihood of the recipient engaging with the scam, especially compared to phishing attempts from unknown sources. This strategy introduces a deceptive layer that significantly enhances its effectiveness. 

Early detection of such malware is critical to prevent its proliferation, minimise potential harm and curb further escalation. In response, the McAfee team has taken proactive steps by reporting the active URLs to the relevant content providers, who have promptly removed them.

In today’s evolving cyber threat landscape, it’s crucial for people to be cautious about how they download and install apps and which permissions are granted. Android users should only use the official Google app store as these apps will have been verified before they were made available to download and install.

It may also be worth considering a comprehensive online protection solution which can protect you from the latest smishing and phishing campaigns.

Oliver Devane is Senior Security Researcher at online protection company at McAfee

Image: Denny Müller

You Might Also Read: 

Google's App Store - Full Of Spyware:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Impact Of 5G On iGaming
Who Are The Top 10 Cyber Security Companies? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Virus Bulletin

Virus Bulletin

Virus Bulletin is an online security information portal and certification body, providing users with independent intelligence about the latest developments in the global threat landscape.

Honeynet Project

Honeynet Project

The Honeynet Project is a leading international non-profit security research organization, dedicated to investigating the latest attacks and developing open source security tools.

Search Guard

Search Guard

Search Guard® is an Open Source security suite for #Elasticsearch and the entire #ELK stack that offers encryption, authentication, authorization, audit logging and multi tenancy.

Vilnius Tech Park

Vilnius Tech Park

The region‘s most complex and integrated ICT hub, Vilnius Tech Park aims to attract and unite innovative talent from big data, cyber security, smart solutions, fintech and digital design.

Cyentia Institute

Cyentia Institute

The Cyentia Institute is a research & data science firm with a mission to advance knowledge in the cybersecurity industry.

SAIFE

SAIFE

SAIFE has adapted a Software Defined Perimeter approach and paired it with a Zero Trust model that defines access by the user, their device, and where they are located.

Alias Robotics

Alias Robotics

Alias Robotics is a robot cyber security company. We deliver cyber security solutions for robots and robot components.

Robo Shadow

Robo Shadow

Robo Shadow are trying to bridge the gap between the top tier organisations that can afford everything and everyone else who has to “Make it up as they go along” when it comes to Cyber.

Cymptom

Cymptom

At Cymptom our purpose is to enable security managers to see at a glance all urgently risky gaps  in their organizations’ security posture at any given moment.

Resolvo Systems

Resolvo Systems

Resolvo is provides comprehensive security assessment and testing services in Asia.

Mage Data

Mage Data

Mage (formerly Mentis Software) is a leading solutions provider for data security and data privacy software for global enterprises.

Lavabit

Lavabit

Lavabit's Dark Internet Mail Environment is a secure, open-source, secure end-to-end communications platform for asynchronous messaging across the internet.

Torch.AI

Torch.AI

Torch.AI’s Nexus™ platform changes the paradigm of data and digital workflows, forever solving core impediments caused by the ever-increasing volume and complexity of information.

Brightsolid

Brightsolid

Brightsolid are experts in Hybrid Cloud. We design, build and manage secure, scalable cloud environments that meet customers’ business ambitions.

Carahsoft Technology Corp

Carahsoft Technology Corp

Carahsoft Technology is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets.

Assurestor

Assurestor

Assurestor's singular focus is delivering leading cloud-based backup and disaster recovery designed to increase levels of IT resilience.