A new Android spyware is rolling on the web. According to TrendMicro researchers, A spyware called CallerSpy is currently trying to seize the personal data of Internet users. Once infiltrated on your smartphone, the malware takes screenshots of everything you do without your knowledge.
Android spyware CallerSpy takes blind screen captures
“We found a new spyware family disguised as chat apps on a phishing website.” TrendMicro experts say. According to them, the malware is spreading via APK files on the Internet. So far, and unlike many Android malware, CallerSpy has fortunately failed to penetrate the Google Play Store.
In most cases, CallerSpy masquerades as an ultra-secure email application called Apex App or Chatrious. These dummy applications are only available for download on sites set up by hackers. To deceive the vigilance of Internet users, hackers try to make users believe that the site belongs to Google.
Once installed on your phone, CallerSpy will make every effort to collect all your personal data. For its part, the promised instant messaging application simply does not work. The malware will then launch malicious commands remotely to intercept all the contents of your device: your SMS, the log of your phone calls, the complete list of your contacts and all the photo and video files. As a reminder, these data have a market value on the dark web.
CallerSpy does not stop there. In order to seize your login details, your password and your bank details, the malware will make screenshots without you being aware. These captures are quickly transferred to a remote server. Again, this information can be resold against cryptocurrencies in black markets. For example, a hacked Facebook account resells an average of $2.50 on the dark web. PayPal accounts were between 10 and 100 dollars. It all depends on credit cards related to that accounts.
Will CallerSpy spread on iOS and Windows?
For now, CallerSpy only attacks Android-powered smartphones and tablets. According to TrendMicro, hackers behind the campaign can quickly attack iOS devices (iPhone or iPad) and Windows computers. Sites intended to trap victims mention indeed versions of Apex App for iOS and Windows. Trend Micro, therefore, advises users to be cautious and avoid software found on unofficial sites. The researchers assure that the investigation concerning CallerSpy is still open.