Nowadays, everyone has a smartphone, and the largest share of the market certainly belongs to Android. This explains why a growing number of cybercriminals are building threats that target Android devices exclusively. One of the most recently spotted malware strains designed for Android devices is called CallerSpy. The CallerSpy threat serves as a spying tool that gathers data on the targeted user. To propagate it freely, the creators of the CallerSpy malware have disguised it as a messaging application. The CallerSpy threat poses as either ‘Apex App’ or ‘Chatrious.’
These fake applications were hosted on a website specifically tailored to look like a genuine Google site. The Web page in question used the domain name ‘Gooogle(dot)press.’ Imitating a Google-related website is a very old trick used by countless cyber crooks through the years. The most common trick is adding an extra ‘o’ to the domain name (the fake page contains three ‘o’s instead of two), because many users who are not very observant are likely not to spot anything wrong.
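
A defender-side check for the extra-letter trick described above, added here as an example and not part of the original article: it flags hostnames whose labels imitate a protected brand by repeating a character or by a single-character edit. The brand list, the allowlist and the sample domains are assumptions constructed for illustration.

```python
import re

# Assumption: brand labels to protect and the domains that legitimately use them.
BRANDS = ("google",)
ALLOWLIST = {"google.com"}

def refang(domain):
    """Undo common defanging such as 'gooogle(dot)press' or 'gooogle[.]press'."""
    return re.sub(r"\(dot\)|\[\.\]", ".", domain.strip().lower()).rstrip(".")

def collapse_repeats(label):
    """Squeeze runs of one character: 'gooogle' and 'google' both become 'gogle'."""
    return re.sub(r"(.)\1+", r"\1", label)

def edit_distance(a, b):
    """Levenshtein distance computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(domain):
    """Return (brand, reason) if a label imitates a protected brand, else None."""
    host = refang(domain)
    if host in ALLOWLIST or any(host.endswith("." + d) for d in ALLOWLIST):
        return None
    for label in host.split("."):
        for brand in BRANDS:
            if label == brand:
                continue  # exact brand label is not a look-alike
            if collapse_repeats(label) == collapse_repeats(brand):
                return (brand, "repeated-character variant")
            if edit_distance(label, brand) == 1:
                return (brand, "one-character edit")
    return None

# Constructed sample input; the first entry is the defanged domain from the article.
SAMPLES = ["Gooogle(dot)press", "google.com", "mail.google.com",
           "googie.example", "example.org"]

if __name__ == "__main__":
    for d in SAMPLES:
        print(f"{d:22} -> {lookalike(d)}")
```

A check like this fits in a DNS or proxy log pipeline, where hits are queued for review rather than blocked outright.
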
The CallerSpy malware is meant to operate rather silently and collect sensitive data from the compromised host over long periods of time. Malware experts have not determined whether the attackers are targeting a certain geographical region or a certain demographic. It is likely that they are simply trying to spread the CallerSpy threat as far and as wide as possible.
The CallerSpy threat has a decently sized list of capabilities. This espionage tool can:
- Take screencaps.
- Collect call logs.
- Record audio using the device’s microphone.
- Gather text messages and manage them.
- Browse and fetch files from the device.
- Grab contact details from the contact list.
The authors of the CallerSpy malware control it remotely via a C&C (Command & Control) server. The data that the CallerSpy threat gathers is periodically transferred to the operators' C&C server.
The authors of the CallerSpy malware claim that they are working on new variants of the threat. These new projects are meant to target devices running Windows and iOS. If this is true, the creators of the CallerSpy threat will greatly expand their reach. However, this may be nothing more than a lie that would serve to make the fake pages hosting the CallerSpy threat appear more believable.
If you have an Android device, you should seriously consider investing in an anti-malware application that will ensure the safety of your mobile phone/tablet. Also, avoid downloading any applications from third-party websites because they are far more likely to be hosting threatening content.