A new Android malware strain dubbed Triout found bundled with a repackaged app contains surveillance capabilities and ability to hide the presence in the device.
Security researchers from Bitdefender identified the new Triout malware that contains extensive surveillance capabilities. The malware appears to be first uploaded to virustotal from Russia and most came from Israel.
The Triout malware is a cloned version of the original app that has been removed from Google play in 2016, researchers unclear about how the malware is being distributed, possibly it could be through third-party app stores or through the sites controlled by attackers.
Researchers said in the report that the framework may be a work-in-progress, with developers testing features and compatibility with devices.
Triout – Spyware Framework for Android with Extensive Surveillance Capabilities https://t.co/f2HZG9JwUs
— BitdefenderLabs (@BitdefenderLabs) August 22, 2018
Triout Malware Capabilities
It is completely unobfuscated and the C&C servers are still active since May 2018 and it communicates to the C&C server through a single hardcoded IP.
The Spyware records every incoming/outgoing call, and then it sends along with the call date, call duration, and caller name to the C&C server.
Also, it log’s every SMS message with body and sender, then submit with the C&C server.
Another interesting option is the camera usage, it uses both front or the rear camera to take photos and the same sent to the C&C server.
Also, it transfers the GPS Coordinates(Latitude and Longitude) and submits to the C&C server.
Common Defences and Mitigations
- Give careful consideration to the permission asked for by applications.
- Download applications from trusted sources.
- Stay up with the latest version.
- Encrypt your devices.
- Make frequent backups of important data.
- Install anti-malware on their devices.
- Stay strict with CIA Cycle.