BondPath

BondPath Description

BondPath is an Android malware threat designed to exfiltrate various private data from compromised devices. The same family of spyware is also known as PathCall or Dingwe. To avoid drawing the user's attention, BondPath masquerades as the legitimate Google Play Service by naming its process Google Play Store Service. The malware also removes its application icon, so users will not notice its presence unless they look for it specifically.
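The masquerade described above can be checked for in an app inventory. The following is an added example, not code from the original write-up: the record format (package, label, has_launcher_icon), as might be exported from a device-management tool, and the sample entries are assumptions constructed for illustration.

```python
import re

# Genuine Google packages that legitimately carry Google Play labels.
GENUINE = {"com.google.android.gms", "com.android.vending"}
# The name the write-up attributes to BondPath, plus the real labels it imitates.
IMITATED = {"google play store service", "google play services", "google play store"}

def normalise(label):
    """Lower-case and collapse whitespace so trivial variations still match."""
    return re.sub(r"\s+", " ", label).strip().lower()

def suspicious(app):
    """Return the reasons an inventory record looks like the masquerade."""
    reasons = []
    if normalise(app["label"]) in IMITATED and app["package"] not in GENUINE:
        reasons.append("Google Play label on non-Google package")
        # A hidden icon alone proves nothing (the genuine Play services
        # package has none), so it only counts as a second signal.
        if not app["has_launcher_icon"]:
            reasons.append("no launcher icon")
    return reasons

def scan(inventory):
    """Map package name -> reasons, for flagged records only."""
    return {a["package"]: r for a in inventory if (r := suspicious(a))}

# Constructed inventory records (hypothetical format and package names).
SAMPLE = [
    {"package": "com.google.android.gms", "label": "Google Play services",
     "has_launcher_icon": False},
    {"package": "com.android.vending", "label": "Google Play Store",
     "has_launcher_icon": True},
    {"package": "com.example.sysupdate", "label": "Google Play  Store Service",
     "has_launcher_icon": False},
    {"package": "com.example.notes", "label": "Notes",
     "has_launcher_icon": True},
]

if __name__ == "__main__":
    for pkg, reasons in scan(SAMPLE).items():
        print(pkg, "->", "; ".join(reasons))
```

A flagged record is a lead for manual review, not a verdict; the check does not verify signing certificates.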

BondPath is equipped with a vast array of spyware functionality. If it manages to infiltrate an Android device successfully, the threat can start obtaining user data such as call logs, browser history, device information and contact lists, intercept incoming and outgoing SMS messages, and make audio recordings. BondPath can also enumerate the applications installed on the device, as well as the files stored on it. All collected data is then exfiltrated over HTTP to a server under the control of the hackers.

Collecting Social Media Messages

Apart from these typical spyware functions, BondPath can also perform more specialized ones. The threat can obtain the battery status of the device. In addition, upon receiving the appropriate command from the Command-and-Control (C2, C&C) server, it will collect private conversations and messages from social applications. Among the targets are WhatsApp, Skype, Viber, Twitter, Hotmail, Gmail, Line, Facebook and BBM. The criminals behind BondPath may also receive active updates about the device's location through the GPS service.