Android smartphone users are being warned about a spying strain of malware that was spread via the Google Play Store.
Android fans are being warned about the “extremely powerful” Triout spyware that was found on an app listed on the Google Play Store.
The Triout malware gathers records of every call a user of the Google mobile OS makes, logs of SMS messages and every picture or video a victim takes.
It can also capture GPS co-ordinates of an Android user and then send these sensitive details to an attacker-controlled command-and-control server.
The malware was uncovered by cybersecurity experts Bitdefender and was found on an app that appeared on the Google Play Store.
The nefarious software was discovered on an Android app called ‘Sex Game’ which was available in the Google Play Store in 2016.
It has since been removed from the official Android portal for apps.
Speaking to Threatpost, Bitdefender senior e-threat analyst Bogdan Botezatu said: “I personally think [what] we are looking at is an alpha build of a bigger, more potent espionage tool.”
He added: “While this Trojan is extremely powerful and has the ability to record and upload phone calls, as well as use cameras and make its way into the Play Store, its code was left completely unobfuscated.”
Botezatu went on to explain that he believes the Triout malware is meant to be used in highly targeted attacks.
One possible use of such sensitive information stolen from individuals is blackmail.
Botezatu said: “We believe that this is a highly targeted attack against a limited set of people, most of whom are in Israel.
“We also presume that this application targets several key victims for espionage or data collection purposes.
“Since the application records phone calls and exfiltrates short messages, we believe that whoever gets the information has the ability to translate and make sense of the information collected.
“Gathering such information in a variety of languages has no real commercial value, and a local team of attackers should be fluent in dozens of languages to obtain valuable information.”
The news comes after Express.co.uk reported last month that security experts had issued a Google Play Store warning about almost 150 apps.
The majority of the infected apps were released on the Google Play Store between October and November 2017.
So the nefarious Android apps had been on the Google Play Store for more than half a year.
Among the apps are a number which have more than 1,000 installations and are promoted by four-star ratings.
However, unlike other recent Android security threats, this time around there is a catch.
The malware found on the 145 apps that were located on the Google Play Store contains malicious Microsoft Windows executable files.
So this malware cannot infect Android devices because it needs a Windows system to be executed.
However, Palo Alto Networks, who made the discovery, warned that the finding is a “threat to the software supply chain”.
The security experts said: “The fact that these APK files are infected indicates that the developers are creating the software on compromised Windows systems that are infected with malware.
“This type of infection is a threat to the software supply chain, as compromising software developers has proven to be an effective tactic for wide scale attacks.”
They added: “Most of the infected apps were released to Google Play between October 2017 and November 2017, which means these apps have been in Google Play for more than half a year.”
All of the infected apps have now been removed from the Google Play Store.
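
The Palo Alto Networks finding above concerns APK files that carry Windows executables, which a release pipeline can check for before an app is published. The following is an added example, not code from the article or from Palo Alto Networks: it walks an APK (a ZIP archive) and flags any entry with a Windows PE header, using a constructed in-memory sample whose file names are made up.

```python
import io
import struct
import zipfile

def looks_like_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def find_embedded_pe(apk) -> list:
    """Return the names of APK entries that are Windows PE files, judged by content."""
    hits = []
    with zipfile.ZipFile(apk) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                # PE headers sit near the start; a signature beyond 4 KiB is not matched.
                head = fh.read(4096)
            if looks_like_pe(head):
                hits.append(info.filename)
    return hits

def build_sample_apk() -> io.BytesIO:
    """Constructed test input: a fake APK holding one PE stub and one decoy."""
    pe_stub = b"MZ".ljust(0x3C, b"\x00") + struct.pack("<I", 0x80)
    pe_stub = pe_stub.ljust(0x80, b"\x00") + b"PE\x00\x00" + b"\x00" * 20
    # Decoy starts with 'MZ' but its e_lfanew does not point at a PE signature.
    decoy = b"MZ".ljust(0x3C, b"\x00") + struct.pack("<I", 0x40) + b"not a PE header"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 32)
        zf.writestr("assets/data.bin", pe_stub)      # PE hidden behind a neutral name
        zf.writestr("res/raw/notes.bin", decoy)
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for name in find_embedded_pe(build_sample_apk()):
        print("Windows executable inside APK:", name)
```

A hit does not mean the Android app can run the file, but it is a signal that the machine that built the APK should be examined.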