What Android Users Need To Know About New Malware

Recently, McAfee’s Mobile Research Team uncovered a new type of Android mobile malware - dubbed SpyAgent -  which targets mnemonic keys by scanning your device for any images that may contain them. A mnemonic key is essentially a 12-word phrase that helps you recover your cryptocurrency wallets. 

The malware cleverly disguises itself as various trustworthy apps, ranging from banking and government services to TV streaming and utilities.

Once one of the fake apps is installed and launched, SpyAgent begins to steal sensitive information and sends it to a remote server controlled by the hackers. 

They often distract users with endless loading screens, unexpected redirects or brief blank screens to hide their true activities. The types of data it targets include:

  • Contacts: The malware pulls the device’s entire contact list, which could be used for further deceptive practices or to spread the malware even further.
  • SMS Messages: It captures and sends out all incoming SMS messages, which might include private codes used for two-factor authentication or other important information.
  • Photos: The app uploads any images stored on the device to the attackers’ server. These could be personal photos or other sensitive images.
  • Device Information: It gathers details about the device itself, like the operating system version. This information helps the attackers customise their malicious activities to be more effective.

The continuous evolution of this malware highlights the ever-changing and sophisticated nature of cyber threats today. We discovered that the perpetrators behind SpyAgent are utilising optical character recognition (OCR) technology - the process of converting an image of text into a machine-readable text format - to analyse and misuse stolen data for financial benefits. 

As the malware advances, employing more intricate methods, forecasting its next moves becomes increasingly challenging. Cybercriminals are constantly enhancing their tactics to better infiltrate and manipulate user environments, escalating the danger posed by these threats over time.

Although the SpyAgent malware isn’t widely prevalent, its impact intensifies when it uses a victim’s contacts to send deceptive SMS messages. These phishing messages, seemingly sent by a familiar contact, are more likely to be trusted and acted upon by recipients. 

For instance, an obituary notice appearing to come from a friend’s number could be perceived as real, greatly raising the likelihood of the recipient engaging with the scam, especially compared to phishing attempts from unknown sources. This strategy introduces a deceptive layer that significantly enhances its effectiveness. 

Early detection of such malware is critical to prevent its proliferation, minimise potential harm and curb further escalation. In response, the McAfee team has taken proactive steps by reporting the active URLs to the relevant content providers, who have promptly removed them.

In today’s evolving cyber threat landscape, it’s crucial for people to be cautious about how they download and install apps and which permissions are granted. Android users should only use the official Google app store as these apps will have been verified before they were made available to download and install.

It may also be worth considering a comprehensive online protection solution which can protect you from the latest smishing and phishing campaigns.

Oliver Devane is Senior Security Researcher at online protection company at McAfee

Image: Denny Müller

You Might Also Read: 

Google's App Store - Full Of Spyware:


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« The Impact Of 5G On iGaming
Who Are The Top 10 Cyber Security Companies? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Messageware

Messageware

Messageware is the market leader in securing, enhancing, and customizing Microsoft Exchange and Outlook Web App.

evoila

evoila

evoila GmbH is one of the leading providers in consulting, analysis, implementation and management of cloud infrastructure.

AEI Cybersecurity

AEI Cybersecurity

AEI brings together companies, Research Centres, Universities, and other organizations interested in promoting new cybersecurity technologies.

High Sec Labs (HSL)

High Sec Labs (HSL)

High Sec Labs develops high-quality, cyber-defense solutions in the field of network and peripheral isolation.

ThreatSpike Labs

ThreatSpike Labs

ThreatSpike Labs provides the first end-to-end fully managed security service for companies of all sizes.

Odyssey

Odyssey

Odyssey is an ISO 27001 certified, Cyber -Security, Infrastructure and Risk Management Solutions integrator and a Managed Security Services Provider.

Repulsa

Repulsa

Repulsa provides state-of-the-art, patented, fast filtering with over 700 million malicious IP addresses and over 30 million categorized site listings updated daily.

Peraton

Peraton

Peraton provides innovative solutions for the most sensitive and critical programs in government today, developed and executed by scientists, engineers, and other experts.

CybrHawk

CybrHawk

CybrHawk is a leading provider of information security-driven risk intelligence solutions focused solely on protecting clients from cyber-attacks.

Eureka Technology Partners

Eureka Technology Partners

Eureka Technology Partners are committed to helping you focus on your business by taking care of your IT infrastructure and data security needs.

McDonald Hopkins

McDonald Hopkins

McDonald Hopkins is a business advisory and advocacy law firm. We focus on insightful legal solutions that help our clients strategically plan for an increasingly competitive future.

Akamai Technologies

Akamai Technologies

Akamai's leading security, compute, and delivery solutions are helping global companies make life better for billions of people, billions of times a day.

JanBask Training

JanBask Training

JanBask Training is a dynamic, highly professional, global online training provider committed to propelling the next generation of technology learners with a whole new way of training experience.

Staley Technologies

Staley Technologies

Staley Technologies is a US nationwide structured cabling, technology integrator, and Managed IT & Cyber Security provider.

M6iT Consulting

M6iT Consulting

M6iT Consulting is an industry-leading solution partner managing the IT requirements for a full range of companies.

Pango

Pango

Pango is a leading provider of digital consumer security solutions.