What Android Users Need To Know About New Malware

Recently, McAfee’s Mobile Research Team uncovered a new type of Android mobile malware, dubbed SpyAgent, which targets mnemonic keys by scanning your device for any images that may contain them. A mnemonic key is essentially a 12-word phrase that helps you recover your cryptocurrency wallets.

The malware cleverly disguises itself as various trustworthy apps, ranging from banking and government services to TV streaming and utilities.

Once one of the fake apps is installed and launched, SpyAgent begins to steal sensitive information and sends it to a remote server controlled by the hackers. 

The fake apps often distract users with endless loading screens, unexpected redirects or brief blank screens to hide their true activities. The types of data SpyAgent targets include:

  • Contacts: The malware pulls the device’s entire contact list, which could be used for further deceptive practices or to spread the malware even further.
  • SMS Messages: It captures and sends out all incoming SMS messages, which might include private codes used for two-factor authentication or other important information.
  • Photos: The app uploads any images stored on the device to the attackers’ server. These could be personal photos or other sensitive images.
  • Device Information: It gathers details about the device itself, like the operating system version. This information helps the attackers customise their malicious activities to be more effective.

The continuous evolution of this malware highlights the ever-changing and sophisticated nature of cyber threats today. We discovered that the perpetrators behind SpyAgent are utilising optical character recognition (OCR) technology - the process of converting an image of text into a machine-readable text format - to analyse and misuse stolen data for financial benefits. 

As the malware advances, employing more intricate methods, forecasting its next moves becomes increasingly challenging. Cybercriminals are constantly enhancing their tactics to better infiltrate and manipulate user environments, escalating the danger posed by these threats over time.

Although the SpyAgent malware isn’t widely prevalent, its impact intensifies when it uses a victim’s contacts to send deceptive SMS messages. These phishing messages, seemingly sent by a familiar contact, are more likely to be trusted and acted upon by recipients. 

For instance, an obituary notice appearing to come from a friend’s number could be perceived as real, greatly raising the likelihood of the recipient engaging with the scam, especially compared to phishing attempts from unknown sources. This strategy introduces a deceptive layer that significantly enhances its effectiveness. 

Early detection of such malware is critical to prevent its proliferation, minimise potential harm and curb further escalation. In response, the McAfee team has taken proactive steps by reporting the active URLs to the relevant content providers, who have promptly removed them.

In today’s evolving cyber threat landscape, it’s crucial for people to be cautious about how they download and install apps and which permissions are granted. Android users should only use the official Google app store as these apps will have been verified before they were made available to download and install.
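As an added illustration of the permission check recommended above (not code from McAfee or from the original article), the following Python sketch triages a decoded AndroidManifest.xml by flagging apps that request access to contacts, SMS and photos together with network access, the data types listed earlier. The mapping from data types to permissions, the verdict thresholds, the function name `review_manifest` and the sample package names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping from the article's data types to Android permissions.
# Device details such as the OS version need no permission, so they are absent.
CATEGORIES = {
    "contacts": {"android.permission.READ_CONTACTS"},
    "sms": {"android.permission.READ_SMS", "android.permission.RECEIVE_SMS"},
    "photos": {"android.permission.READ_EXTERNAL_STORAGE",
               "android.permission.READ_MEDIA_IMAGES"},
}

def review_manifest(manifest_xml):
    """Return package name, matched data categories and a triage verdict."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    hits = sorted(c for c, wanted in CATEGORIES.items() if perms & wanted)
    online = "android.permission.INTERNET" in perms
    if online and len(hits) == len(CATEGORIES):
        verdict = "high"      # can read all three data types and upload them
    elif online and len(hits) == 2:
        verdict = "review"    # two data types plus network access
    else:
        verdict = "low"
    return {"package": root.get("package"), "categories": hits, "verdict": verdict}

# Constructed sample manifests (not taken from any real app).
HEADER = '<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="%s">'

def _manifest(package, *perms):
    body = "".join('<uses-permission android:name="android.permission.%s"/>' % p
                   for p in perms)
    return HEADER % package + body + "</manifest>"

FAKE_STREAMING = _manifest("com.example.tvstream", "INTERNET", "READ_CONTACTS",
                           "RECEIVE_SMS", "READ_EXTERNAL_STORAGE")
PHOTO_EDITOR = _manifest("com.example.photoedit", "INTERNET", "READ_MEDIA_IMAGES")

if __name__ == "__main__":
    for sample in (FAKE_STREAMING, PHOTO_EDITOR):
        print(review_manifest(sample))
```

A "high" verdict is a prompt for closer inspection rather than proof of malice, since some legitimate apps request the same combination.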

It may also be worth considering a comprehensive online protection solution which can protect you from the latest smishing and phishing campaigns.

Oliver Devane is Senior Security Researcher at online protection company McAfee

Image: Denny Müller
