SpyDealer Android Malware Steals Data from WhatsApp and Facebook
Cyber security researchers have discovered a new Android malware dubbed “SpyDealer” that can hack most popular social media, communication, browser, and mobile mail client apps to steal and exfiltrate data.
Who is Vulnerable?
All Android mobile devices running older Android OS versions, from Froyo 2.2 to KitKat 4.4, are vulnerable, as is any user with the app “Baidu Easy Root” installed. Android mobiles with OS versions later than KitKat 4.4 are not vulnerable.
How does the SpyDealer Malware Infect?
The SpyDealer malware first gains root privileges on the Android operating system by stealing root exploits from the Baidu Easy Root app. This allows SpyDealer to steal and exfiltrate data. This malware can steal private data from more than 40 popular social media, browser, communication, and mobile mail client apps such as Facebook, WeChat, WhatsApp, Skype, Line, Viber, QQ, Telegram, Kik, KeeChat Messenger, BBM, TalkBox Voice Messenger, Voxer Walkie Talkie Messenger, Zello PTT Walkie Talkie, Tango, Android Native Browser, Baidu Browser, Firefox Browser, Oupeng Browser, Tencent QQ Browser, Lenovo Browser, Qihoo Browser, NetEase Mail, Tencent QQ Mail, 189 Mail, Baidu Net Disk, and Zapya.
SpyDealer abuses the Android accessibility service feature to steal data from these apps. The operator of the malware can completely control the infected device remotely, and use it to take photos, record calls, and acquire and monitor the location of the device. SpyDealer also leaks critical information such as the phone number, the IMEI number of the device, contact list, information about Wi-Fi, and SMS communication.
Vulnerable Operating System Versions
Researchers have reported significant vulnerabilities in the KitKat 4.4 Android version, and have recommended for quite some time that users migrate to later Android versions. As with any operating system, vulnerabilities will be discovered and exploited. Therefore, it is safer for users to move on to the latest operating systems that provide better security and receive support.
Cyber security researchers report that SpyDealer has not been able to penetrate the Google Play Store, so users who download apps only from the official Google Play Store are safe from the malware.
Recommended Safety Measures
Though the Android operating system has security features to protect the device from malware attacks, cyber security experts are of the opinion that they may not be adequate. Prudent safety measures to protect against Android malware are downloading apps only from the official Google Play Store, not opening attachments from suspicious sources, and using a robust cloud-based antivirus solution that is effective against zero-day exploits and evolving next-generation threats.
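The exposure conditions described in this article (Android 2.2 through 4.4, a rooting app present, apps installed from outside Google Play, unexpected accessibility services) can be checked against text captured from a device with adb. The following Python is an added example, not part of the original article; it assumes the output formats of `getprop ro.build.version.release`, `pm list packages -i -3` and `settings get secure enabled_accessibility_services`, the rooting-app package name is a placeholder because the article does not give one, and the sample capture is constructed.

```python
import re

PLAY_INSTALLER = "com.android.vending"          # Google Play Store installer package
AFFECTED = ((2, 2), (4, 4))                     # Froyo 2.2 .. KitKat 4.4, per the article
ROOTING_PKGS = {"placeholder.easyroot.pkg"}     # placeholder: real package name not in the article
A11Y_ALLOWLIST = {"com.google.android.marvin.talkback"}  # assumption: services you expect

def release_tuple(release):
    """'4.4.2' -> (4, 4); only major.minor decides the affected range."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unparseable Android release: {release!r}")
    return int(m.group(1)), int(m.group(2) or 0)

def parse_packages(pm_output):
    """Third-party package list: 'package:<name>  installer=<pkg|null>' per line."""
    found = re.findall(r"^package:(\S+)[ \t]+installer=(\S+)", pm_output, re.M)
    return dict(found)

def parse_accessibility(setting):
    """Colon-separated 'pkg/ServiceClass' entries; 'null' or empty means none."""
    setting = setting.strip()
    if setting in ("", "null"):
        return []
    return [entry.split("/")[0] for entry in setting.split(":")]

def triage(release, pm_output, a11y_setting, rooting_pkgs, a11y_allowlist):
    pkgs = parse_packages(pm_output)
    findings = []
    if AFFECTED[0] <= release_tuple(release) <= AFFECTED[1]:
        findings.append(("affected_os", release.strip()))
    for name in sorted(set(pkgs) & set(rooting_pkgs)):
        findings.append(("rooting_app", name))
    for name, installer in sorted(pkgs.items()):
        if installer != PLAY_INSTALLER:          # sideloaded or third-party store
            findings.append(("non_play_install", name))
    for name in parse_accessibility(a11y_setting):
        if name not in a11y_allowlist:
            findings.append(("unexpected_accessibility_service", name))
    return findings

# Constructed sample capture (not from a real device).
SAMPLE_PM = (
    "package:com.example.notes  installer=com.android.vending\n"
    "package:placeholder.easyroot.pkg  installer=null\n"
    "package:com.example.sideloaded  installer=null\n"
)
SAMPLE_A11Y = "com.example.sideloaded/.Svc:com.google.android.marvin.talkback/.TalkBackService"
```

A non-empty result is a reason to inspect the device further, not proof of infection.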
Kevin Jones
Kevin Jones, Ph.D., is a research associate and a cyber security author with experience in penetration testing, vulnerability assessments, monitoring solutions, surveillance, and offensive technologies. Currently, he is a freelance writer on the latest security news and other happenings. He has authored numerous articles and exploits, which can be found on popular sites like hackercombat.com and others.