Do you know what questions to ask when you're looking for an IT firm? We're here to help. Get the free guide delivered right to your inbox:
Researchers identified an Android malware campaign targeting Android users via a remote control system (RAT), which can spy on mobile devices, record video and take pictures from the camera. The malware, dubbed TriOut, is the latest in a series of Android spying programs.
The campaign is defined as “low-level” due to its lack of sophistication: it does not rely on sophisticated exploits or novel methods to stay under the radar. Instead, TriOut relies on social engineering to trick users into installing malicious apps from outside Google Play and using phishing techniques to coax users into giving up their credentials. If you spot any suspicious messages or notice that your phone has been acting strangely, connect your phone to a trusted computer with security software and immediately update your device’s operating system and all installed applications with the latest version available.
According to Symantec, which investigated the case together with the Cloud Armor security company, the attackers started their campaign by registering a domain that mimicked Snapchat. The rogue domain would host the malware, which is disguised as a legitimate app. If you open one of these malicious apps from outside Google Play, you will be prompted to install multiple third-party applications listed on the page. This will lead to your Android being infected by TriOut without your consent.
The malware was detected in apps hosted on a website that resembled Snapchat’s official site and prompts users to install two or three third-party applications during installation of an initial app. Once the malware is installed, it will generate a unique modification ID and delete its original package from the Play Store to hide its presence. This trick is created to make it more difficult for security software to detect the TriOut rootkit.