A new Android malware strain dubbed Triout found bundled with a repackaged app contains surveillance capabilities and ability to hide the presence in the device.
Security researchers from Bitdefender identified the new Triout malware that contains extensive surveillance capabilities. The malware appears to be first uploaded to virustotal from Russia and most came from Israel.
The Triout malware is a cloned version of the original app that has been removed from Google play in 2016, researchers unclear about how the malware is being distributed, possibly it could be through third-party app stores or through the sites controlled by attackers.
Researchers said in the report that the framework may be a work-in-progress, with developers testing features and compatibility with device
Triout Malware Capabilities
It is completely unobfuscated and the C&C servers are still active since May 2018 and it communicates to the C&C server through a single hardcoded IP.
The Spyware records every incoming/outgoing call, and then it sends along with the call date, call duration, and caller name to the C&C server.
Also, it log’s every SMS message with body and sender, then submit with the C&C server.
Another interesting option is the camera usage, it uses both front or the rear camera to take photos and the same sent to the C&C server.
Also, it transfers the GPS Coordinates(Latitude and Longitude) and submits to the C&C server.
To read the original article: