Legit Apps Turned into Spyware


A recent attack campaign is targeting Android users in the Middle East with malware that turns legitimate applications into spyware (i.e., tools that spy on users) by injecting an additional malicious payload into them.
Technical details
The malware used is named "Triout". The attackers are still actively using the Baksmali tool to disassemble a legitimate app and then reassemble its code after injecting their malicious code into it, a technique commonly known as Smali injection.
The malware is designed to steal almost all accessible information, including call recordings, text messages, photos, videos, and location data. It can also make calls or send messages to specific numbers, record surrounding audio, and take over the camera, all without users' knowledge.
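An app that has been disassembled and reassembled has to be signed again, so its signing certificate no longer matches the original developer's, and an injected payload may request permissions the original app never asked for. The following added example (not part of the original advisory) compares a candidate APK with the known-good release of the same app, using text output from `aapt dump permissions` and `apksigner verify --print-certs`. The sample outputs, package name, digests and the permission-to-capability mapping are constructed assumptions.

```python
import re

# Android permissions matching the capabilities listed above (the mapping is an assumption).
SENSITIVE = {
    "android.permission.RECORD_AUDIO": "record calls / surrounding audio",
    "android.permission.CALL_PHONE": "make calls",
    "android.permission.SEND_SMS": "send messages",
    "android.permission.READ_SMS": "read text messages",
    "android.permission.CAMERA": "take over camera",
    "android.permission.READ_EXTERNAL_STORAGE": "read photos and videos",
    "android.permission.ACCESS_FINE_LOCATION": "track location",
}

def parse_permissions(aapt_output):
    """Extract permission names from `aapt dump permissions` text (old and new formats)."""
    pattern = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)", re.M)
    return set(pattern.findall(aapt_output))

def parse_cert_digest(apksigner_output):
    """Return the first signer's SHA-256 digest from `apksigner verify --print-certs` text."""
    m = re.search(r"certificate SHA-256 digest:\s*([0-9a-fA-F]+)", apksigner_output)
    return m.group(1).lower() if m else None

def repackaging_indicators(ref_perms, ref_certs, cand_perms, cand_certs):
    """Compare a candidate APK against the known-good release of the same package."""
    added = parse_permissions(cand_perms) - parse_permissions(ref_perms)
    return {
        "signer_changed": parse_cert_digest(ref_certs) != parse_cert_digest(cand_certs),
        "added_sensitive": {p: SENSITIVE[p] for p in sorted(added) if p in SENSITIVE},
        "added_other": sorted(added - set(SENSITIVE)),
    }

# Constructed sample tool output (not taken from any real app or from the campaign).
REF_PERMS = """package: com.example.app
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.CAMERA'
"""
CAND_PERMS = REF_PERMS + """uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.ACCESS_FINE_LOCATION'
uses-permission: name='android.permission.RECEIVE_BOOT_COMPLETED'
"""
REF_CERT = "Signer #1 certificate SHA-256 digest: " + "aa" * 32
CAND_CERT = "Signer #1 certificate SHA-256 digest: " + "bb" * 32

if __name__ == "__main__":
    print(repackaging_indicators(REF_PERMS, REF_CERT, CAND_PERMS, CAND_CERT))
```

A changed signer on a package that claims to be the same app is the stronger signal; the added permissions indicate what the extra code may be able to access.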
Means of infection
The attackers send links directly to users via WhatsApp messenger; the links lead users to download applications containing the malware.
Current status
The attack campaign is still ongoing, and attackers could potentially distribute malicious repackaged versions of legitimate apps through third-party app stores, instant messengers, or attacker-controlled online webpages.
Security recommendation
For this reason, we recommend that users avoid installing malicious apps and always download apps from trusted sources only, such as the Google Play Store, to avoid falling victim to this attack.
©2024 LGB BANK s.a.l. , All rights reserved | List of Banks No. 94 , R.C.B
Online banking services licensed by virtue of BDL letter number 11/138 dated March 30,2012.