What Android Users Need To Know About New Malware

Recently, McAfee’s Mobile Research Team uncovered a new type of Android mobile malware - dubbed SpyAgent -  which targets mnemonic keys by scanning your device for any images that may contain them. A mnemonic key is essentially a 12-word phrase that helps you recover your cryptocurrency wallets. 

The malware cleverly disguises itself as various trustworthy apps, ranging from banking and government services to TV streaming and utilities.

Once one of the fake apps is installed and launched, SpyAgent begins to steal sensitive information and sends it to a remote server controlled by the hackers. 

They often distract users with endless loading screens, unexpected redirects or brief blank screens to hide their true activities. The types of data it targets include:

  • Contacts: The malware pulls the device’s entire contact list, which could be used for further deceptive practices or to spread the malware even further.
  • SMS Messages: It captures and sends out all incoming SMS messages, which might include private codes used for two-factor authentication or other important information.
  • Photos: The app uploads any images stored on the device to the attackers’ server. These could be personal photos or other sensitive images.
  • Device Information: It gathers details about the device itself, like the operating system version. This information helps the attackers customise their malicious activities to be more effective.

The continuous evolution of this malware highlights the ever-changing and sophisticated nature of cyber threats today. We discovered that the perpetrators behind SpyAgent are utilising optical character recognition (OCR) technology - the process of converting an image of text into a machine-readable text format - to analyse and misuse stolen data for financial benefits. 

As the malware advances, employing more intricate methods, forecasting its next moves becomes increasingly challenging. Cybercriminals are constantly enhancing their tactics to better infiltrate and manipulate user environments, escalating the danger posed by these threats over time.

Although the SpyAgent malware isn’t widely prevalent, its impact intensifies when it uses a victim’s contacts to send deceptive SMS messages. These phishing messages, seemingly sent by a familiar contact, are more likely to be trusted and acted upon by recipients. 

For instance, an obituary notice appearing to come from a friend’s number could be perceived as real, greatly raising the likelihood of the recipient engaging with the scam, especially compared to phishing attempts from unknown sources. This strategy introduces a deceptive layer that significantly enhances its effectiveness. 

Early detection of such malware is critical to prevent its proliferation, minimise potential harm and curb further escalation. In response, the McAfee team has taken proactive steps by reporting the active URLs to the relevant content providers, who have promptly removed them.

In today’s evolving cyber threat landscape, it’s crucial for people to be cautious about how they download and install apps and which permissions are granted. Android users should only use the official Google app store as these apps will have been verified before they were made available to download and install.

It may also be worth considering a comprehensive online protection solution which can protect you from the latest smishing and phishing campaigns.

Oliver Devane is Senior Security Researcher at online protection company at McAfee

Image: Denny Müller

You Might Also Read: 

Google's App Store - Full Of Spyware:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Impact Of 5G On iGaming
Who Are The Top 10 Cyber Security Companies? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

MyCERT

MyCERT

MyCERT is the National Computer Emergency Response Team of Malaysia.

Mobile Guroo

Mobile Guroo

Mobile Guroo is a strategy and systems integrator for Enterprise Mobility Management projects.

Tigerscheme

Tigerscheme

Tigerscheme is a certification scheme for information security specialists, backed by University standards and covering a wide range of expertise.

Berwick Partners

Berwick Partners

Berwick Partners’ Cyber Security Practice is a leading recruiter of senior management positions in this field; we have an exceptional understanding of the constantly changing Cyber landscape.

ISARA Corp

ISARA Corp

ISARA Corporation is a security solutions company specializing in creating class-defining quantum-safe cryptography for today's computing ecosystems.

ZeroNorth

ZeroNorth

ZeroNorth provides a new approach to improve software and infrastructure security, simplify continuous compliance reporting and to create more cost-effective risk management programs.

CyberCareers.gov

CyberCareers.gov

CyberCareers.gov is a platform for Cybersecurity Job Seekers, Federal Hiring Managers and Supervisors, Current Federal Cybersecurity Employees, Students and Universities.

Cloudrise

Cloudrise

Cloudrise are elevating cloud security, data protection, and privacy through assessment, technology enablement, and process automation.

SecZetta

SecZetta

SecZetta provides third-party identity risk solutions that are easy to use, and purpose built to help organizations execute risk-based identity access and lifecycle strategies.

Systems Assessment Bureau (SAB)

Systems Assessment Bureau (SAB)

Systems Assessment Bureau is an internationally recognized ISO Certification Body with a unique vision of “Excel together with global standards”.

Focal Point

Focal Point

We aspire to be the focal point for Medium and Small size companies providing 24/7 cyber security advice, services and solutions.

Fluid Attacks

Fluid Attacks

Fluid Attacks specialize in red team operations as well as technology development that continuously enhance our security testing services.

Protos Labs

Protos Labs

Protos Labs enables insurers & enterprises to make better cyber risk decisions through holistic, real-time risk management tools.

Digital Security Authority (DSA)

Digital Security Authority (DSA)

The establishment of the Digital Security Authority, which incorporates the National CSIRT, is crucial to significantly raising the cybersecurity posture and capabilities of Cyprus.

Venticento

Venticento

Venticento is an IT company specialized in consulting and network support and assistance for companies that need to make their business processes more effective.

SecureAck

SecureAck

From our A-Op SaaS automation platform to Managed Automation-as-a-Service (MAaaS), SecureAck offer powerful security automation the way that best suits your organisation's needs.