Tuesday, January 14, 2025
HomeAndroidCallerSpy Android Malware Advertised as Chat App Steals Call Logs, SMS, Contacts...

CallerSpy Android Malware Advertised as Chat App Steals Call Logs, SMS, Contacts & Files on the Infected Device

Published on

Researchers observed a new malware family in May involved in various cyberespionage campaigns advertised as a chat app dubbed “Chatrious” downloaded from the malicious website by clicking the download button on the site.

The campaign back in action again with a different app called “Apex App”, that steals the user’s infection on the affected device. Trend Micro detected the threat as AndroidOS_CallerSpy.HRX.

CallerSpy
Two malicious apps

CallerSpy Malware Distribution

CallerSpy distributed as a chat app when the app launched in the victim device connects with the C&C server via Socket.IO and to monitor commands from the C&C server. Also, it schedules new tasks by using Evernote for stealing information.

CallerSpy commands
malware functions

The malware is capable of stealing various information such as call logs, SMSs, contacts, and files on the device. It also takes screenshots of the infected device and later sends it to the C&C server.

According to Trend Micro research “The malware creates a local storage on the infected device and they will be uploaded to the C&C server periodically, it looks for the following file formats in the infected device that includes jpg, jpeg, png, docx, xls, xlsx, ppt, pptx, pdf, doc, txt, csv, aac, amr, m4a, opus, wav, and amr.”

All the collected data encoded as Base64 and the data uploaded to the C&C server. To trick the users the threat actors used typo squatted domain gooogle[.]press.

Researchers able to find four C&C IP addresses hosted on the legitimate service and they are connected with port 3000. The malicious app doesn’t provide any user interface (UI) and it uses only the default android app icon labeled as the rat.

Available forms

The download section of the malicious page provides options to download the app indicating Apple, Android and Windows platforms. But now the app supports only for the Android device.

The good news is that the app is not available to download from the play store and the victims of the malware are still unclear.

Also Read: StrandHogg – Hackers Aggressively Exploiting New Unpatched Android OS Vulnerability in Wide Using Malware

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...

Microsoft Warns of MFA Issue Affecting Microsoft 365 users

Microsoft has issued a warning regarding an ongoing issue with Multi-Factor Authentication (MFA) that...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Hackers Attacking Internet Connected Fortinet Firewalls Using Zero-Day Vulnerability

A widespread campaign targeting Fortinet FortiGate firewall devices with exposed management interfaces on the...

Critical macOS Vulnerability Lets Hackers to Bypass Apple’s System Integrity Protection

Microsoft Threat Intelligence has uncovered a critical macOS vulnerability that allowed attackers to bypass...

CISA Released A Free Guide to Enhance OT Product Security

To address rising cyber threats targeting critical infrastructure, the U.S. Cybersecurity and Infrastructure Security...