New Android Virus Extracts Your Facebook, Skype, Telegram Messages

April 3, 2018

Security company warns of new Android malware in the wild

Android devices are being targeted by a new form of malware that is specifically aimed at stealing private conversations on IM applications like Facebook Messenger, Skype, Telegram, Twitter, Viber, and others.

The malware, which was detected by Trustlook (via FossBytes), is capable of modifying the “/system/etc/” file in order to start at every boot, ensuring that it can keep extracting instant messaging data even after the device is restarted.

The first infected application is called Cloud Module and is spreading in China as package name
It hasn’t yet reached the Google Play Store, and most likely the malware is supposed to target devices using non-store distribution tactics, such as email and downloads from third-party hosting sites.

Chats uploaded to remote server

In other words, Android users who only install apps from the Google Play store should be safe.
While Android security solutions could detect the Trojan, Trustlook warns that the malware was designed to avoid detection, including anti-emulator and debugger detection techniques that make it possible to bypass dynamic analysis.

“Code obfuscation/hiding increases the malware author’s ability to avoid detection and becomes a sophisticated challenge to anti-virus software,” Trustlook notes in its analysis.

Once the malware manages to compromise an Android device, it automatically looks for conversations in the said applications.
The data is extracted and then sent to a remote server.
The security vendor says the server’s IP address is mentioned in the malware configuration file, allowing the Trojan to operate without any further command sent by the author.

The full list of instant messaging apps that are being targeted by the malware is available below, and keep in mind that as long as you stick with legitimate download sources for Android apps, this new form of malware is highly unlikely to compromise your device.
Also, if you’re running third-party security software, updating it should help block any possible intrusion.

