There’s a new Android spyware in town now, rolling on the web. According to TrendMicro researchers, a spyware dubbed CallerSpy is currently trying to capture the personal data of Internet users. Once downloaded on your Android smartphone, the malware begins to take screenshots of everything you do on the phone without your knowledge.
How Android Spyware Callerspy Works
“We found a new spyware family disguised as chat apps on a phishing website.” TrendMicro experts say.
According to the team, the malware is spreading via APK files on the Internet. So far, and unlike many Android malware, CallerSpy is yet to find a way to penetrate the Google Play Store.
In most cases, CallerSpy masquerades as an ultra-secure email application called Apex App or Chatrious. These dummy applications are only available for download on sites set up by hackers. To deceive the vigilance of Internet users, hackers try to make users believe that the site belongs to Google.
Once installed on your phone, CallerSpy will make every effort to collect all your personal data. For its part, the promised instant messaging application simply does not work. The malware will then launch malicious commands remotely to intercept all the contents of your device: your SMS, the log of your phone calls, the complete list of your contacts and all the photo and video files. As a reminder, these data have a market value on the dark web.
CallerSpy does not stop there. In order to seize your login details, your password and your bank details, the malware will make screenshots without you being aware. These captures are quickly transferred to a remote server. Again, this information can be resold against cryptocurrencies in black markets. For example, a hacked Facebook account resells an average of $2.50 on the dark web. PayPal accounts were between 10 and 100 dollars. It all depends on credit cards related to that accounts.
Should iOS and Windows Users Be Worried About Callerspy’s Spread?
For now, CallerSpy only attacks Android-powered smartphones and tablets. According to TrendMicro, hackers behind the campaign can quickly attack iOS devices (iPhone or iPad) and Windows computers. Sites intended to trap victims mention indeed versions of Apex App for iOS and Windows. Trend Micro, therefore, advises users to be cautious and avoid software found on unofficial sites. The researchers assure that the investigation concerning CallerSpy is still open.