Internet related News · 2018-08-23

New Android spyware found

Security agency ‘Bitdefender’ has identified an Android spyware, dubbed ‘Triout’, “which appears to act as a framework for building extensive surveillance capabilities into seemingly benign applications.”

According to a blog post by Bitdefender, Triout was found bundled with a repackaged app. The spyware’s surveillance capabilities involve hiding its presence on the device, recording phone calls, logging incoming text messages, recording videos, taking pictures & collecting GPS coordinates, then broadcasting all of that to an attacker-controlled C&C (command and control) server.

The Android malware Triout, which was detected by Bitdefender’s Machine Learning (ML) algorithms, was first submitted from Russia, & most scans/reports came from Israel.

A subsequent investigation revealed that the spyware has the following capabilities:

  1. Records every phone call (literally the conversation as a media file), then sends it together with the caller id to the C&C (incall3.php and outcall3.php)
  2. Logs every incoming SMS message (SMS body & SMS sender) to C&C (script3.php)
  3. Has the capability to hide itself
  4. Can send all call logs (“content://call_log/calls”, info: callname, callnum, calldate, calltype, callduration) to C&C (calllog.php)
  5. Whenever the user snaps a picture, either with the front or rear camera, it gets sent to the C&C (uppc.php, finpic.php or reqpic.php)
  6. Can send GPS coordinates to C&C (gps3.php)
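
For defenders, the script names in the list above can be used as a network indicator. The following is an added example, not code from Bitdefender or from this article: it scans web proxy log lines for clients that request several of those script names on the same server. The log layout, the sample lines, the `example.invalid` hostnames and the function name `find_triout_beacons` are assumptions made for illustration, and `finpic.php` is read from the garbled "fi npic.php" in item 5.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Script names taken from the capability list above, with the data each receives.
TRIOUT_ENDPOINTS = {
    "incall3.php": "call recording", "outcall3.php": "call recording",
    "script3.php": "incoming SMS", "calllog.php": "call log",
    "uppc.php": "photo", "finpic.php": "photo", "reqpic.php": "photo",
    "gps3.php": "GPS coordinates",
}

# Assumed log layout (not from the article): timestamp client method url status
LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST) (\S+) (\d{3})$")

def find_triout_beacons(lines, min_distinct=2):
    """Return {(client, server): sorted script names} for client/server pairs
    that requested at least `min_distinct` different Triout script names.
    Requiring several names avoids flagging a lone, generic 'calllog.php'."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the scan
        _, client, _, url, _ = m.groups()
        parts = urlsplit(url)
        script = parts.path.rsplit("/", 1)[-1].lower()
        if script in TRIOUT_ENDPOINTS and parts.hostname:
            seen[(client, parts.hostname)].add(script)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_distinct}

# Constructed sample proxy log; addresses and hostnames are placeholders.
SAMPLE_LOG = """\
2018-08-20T10:01:02Z 10.0.0.23 POST http://c2.example.invalid/app/incall3.php 200
2018-08-20T10:01:09Z 10.0.0.23 POST http://c2.example.invalid/app/gps3.php 200
2018-08-20T10:02:41Z 10.0.0.23 POST http://c2.example.invalid/app/script3.php?x=1 200
2018-08-20T10:03:00Z 10.0.0.41 GET http://crm.example.invalid/calllog.php 200
2018-08-20T10:03:05Z 10.0.0.41 GET http://news.example.invalid/index.php 200
garbage line
""".splitlines()

if __name__ == "__main__":
    for (client, server), scripts in find_triout_beacons(SAMPLE_LOG).items():
        what = sorted({TRIOUT_ENDPOINTS[s] for s in scripts})
        print(f"{client} -> {server}: {scripts} ({', '.join(what)})")
```

Only plaintext HTTP, or TLS-inspected traffic, exposes the URL path to a proxy; the threshold of two distinct names is a tunable assumption.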

 
