Triout, an Android malware that puts smartphones at risk
Bitdefender researchers have discovered an Android spyware named Triout with intrusive capabilities, including recording phone calls and stealing pictures. The researchers first saw the malware about a month ago, but its activity appears to date back to mid-May.
The researchers found the malware when it was first uploaded to VirusTotal, a website that aggregates multiple antivirus scanning engines. Bitdefender's researchers found the malware concealed inside a clone of a legitimate application, but they were unable to determine where the malicious app was distributed; their first suspicion is a third-party Android app store.
According to the researchers, the first sample was uploaded to VirusTotal from Russia, with subsequent uploads coming from an Israeli IP address.
“Triout”, a Capable Spyware
As for the malware itself, Triout comes with some fairly advanced features. According to a 16-page white paper on the malware's capabilities that Bitdefender published earlier, it can:
– record every call taking place on the phone
– upload recorded phone calls to a remote server
– steal call log data
– collect and steal SMS messages
– send phone’s GPS coordinates to a remote server
– upload a copy of every picture taken with the phone’s cameras to a remote server
– hide from the user’s view
Taken together, these capabilities amount to a full surveillance toolkit, and implementing them reliably requires solid knowledge of Android OS internals.
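A practical first step when triaging an APK such as the one described above is to check which capabilities from that list its declared permissions would actually allow. The following script is an added example, not code from the article or from Bitdefender: it treats the APK as the zip file it is, scans the compiled manifest and dex entries for well-known permission strings (the binary manifest stores its string pool as UTF-16LE or UTF-8, so both encodings are checked), and maps the permissions found onto the capability list. The permission-to-capability mapping and the sample APK-like zips are assumptions constructed for illustration; the sample entries contain raw strings rather than real AXML or DEX structures, and a permission alone is evidence of capability, not proof of abuse.

```python
import io
import zipfile

# Assumed mapping from the capability list above to the permissions an app
# would need to exercise it. Constructed for triage purposes, not taken from
# any Bitdefender artefact.
CAPABILITY_PERMISSIONS = {
    "record phone calls": {"android.permission.RECORD_AUDIO",
                           "android.permission.READ_PHONE_STATE"},
    "steal call log data": {"android.permission.READ_CALL_LOG"},
    "collect SMS messages": {"android.permission.READ_SMS"},
    "send GPS coordinates": {"android.permission.ACCESS_FINE_LOCATION"},
    "copy pictures": {"android.permission.READ_EXTERNAL_STORAGE"},
    "upload to a remote server": {"android.permission.INTERNET"},
}
ALL_PERMISSIONS = set().union(*CAPABILITY_PERMISSIONS.values())


def find_permissions(apk_bytes):
    """Return the known permission strings found inside an APK.

    An APK is a zip archive. The compiled AndroidManifest.xml keeps its string
    pool in UTF-16LE (or UTF-8 when the UTF-8 flag is set) and classes*.dex
    stores strings as (M)UTF-8, so each permission is searched in both
    encodings. This is a quick byte-level triage scan, not a manifest parser.
    """
    found = set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for name in zf.namelist():
            if name != "AndroidManifest.xml" and not name.endswith(".dex"):
                continue
            data = zf.read(name)
            for perm in ALL_PERMISSIONS:
                if perm.encode("utf-8") in data or perm.encode("utf-16-le") in data:
                    found.add(perm)
    return found


def infer_capabilities(permissions):
    """List the capabilities for which every required permission is present."""
    return sorted(cap for cap, needed in CAPABILITY_PERMISSIONS.items()
                  if needed <= permissions)


def triage(apk_bytes):
    """Summarise an APK as the permissions it carries and what they enable."""
    perms = find_permissions(apk_bytes)
    return {"permissions": sorted(perms), "capabilities": infer_capabilities(perms)}


def build_sample_apk(spyware):
    """Build a constructed, minimal APK-like zip so the example runs offline.

    The manifest entry holds UTF-16LE permission strings and the dex entry a
    UTF-8 one, mimicking where the encodings differ in a real APK. These are
    stand-ins, not valid AXML or DEX files.
    """
    if spyware:
        manifest_perms = sorted(ALL_PERMISSIONS - {"android.permission.READ_CALL_LOG"})
        dex_extra = b"android.permission.READ_CALL_LOG\x00"
    else:
        manifest_perms = ["android.permission.INTERNET"]
        dex_extra = b""
    manifest = b"".join(p.encode("utf-16-le") + b"\x00\x00" for p in manifest_perms)
    dex = b"dex\n035\x00" + b"Lcom/example/app/MainActivity;\x00" + dex_extra
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        zf.writestr("classes.dex", dex)
        zf.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


if __name__ == "__main__":
    for label, blob in (("suspect clone", build_sample_apk(True)),
                        ("benign app", build_sample_apk(False))):
        print(label, triage(blob))
```

Run against a real APK with `triage(open("app.apk", "rb").read())`; a clone of a harmless utility that declares the full set above deserves a closer look with a proper decompiler, while the benign sample only resolves to the "upload" capability because INTERNET on its own tells you nothing.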
But Bitdefender says that, despite the malware's advanced capabilities, its authors appear to have slipped up.
“What’s striking […] is that it’s completely unobfuscated, meaning that simply by unpacking the [cloned app’s] .apk file, full access to the source code becomes available,” Bitdefender wrote in its report, which suggests the researchers had no difficulty accessing and analyzing Triout’s entire feature set. Unpacking an APK yields Dalvik bytecode rather than source, but without obfuscation that bytecode decompiles into readable code with class, method and variable names intact.
“This could suggest the [Triout] framework may be a work-in-progress, with developers testing features and compatibility with devices,” the researchers added.
Triout's C&C is still up and running
The security analysts have no firm clues about who is behind Triout; it could be a nation-state actor or a cyber-criminal engaged in some form of economic espionage.
However, Triout's operators do not appear to have noticed Bitdefender's researchers probing their command and control server.
“The C&C (command and control) server application to which the collected data appears to be sent is operational and has been running since May 2018,” the Romania-based antivirus firm said, suggesting that the campaign is most likely still active.