MORE than 20 apps that secretly spy on people through their phones have been exposed by cyber-security experts.
Disguised as legitimate apps for activities such as yoga, the dodgy downloads record video and audio and steal contacts, images, messages, and more.
2
That’s because they’re loaded with PhoneSpy, a piece of software that snoops on people on the sly, researchers from Zimperium report.
In a blog post published last week, the US security firm revealed that more than 1,000 Android users have been infected with the newly discovered malware.
In total, 23 PhoneSpy apps were unearthed. They were not available on the Play Store, Google’s official app store for the billions of phones that use its Android operating system.
Instead, it’s believed they were passed from one device to another through dodgy links sent in emails or text messages.
The infected devices are all based in South Korea, although researchers have not ruled out that infections have taken place in other countries.
“These malicious Android apps are designed to run silently in the background, constantly spying on their victims without raising any suspicion,” Zimperium researcher Aazim Yaswant wrote on November 10.
“We believe the malicious actors responsible for PhoneSpy have gathered significant amounts of personal and corporate information on their victims, including private communications and photos.”
PhoneSpy apps identified by the team were dressed up as apps for learning yoga, viewing pictures, watching TV, and other activities.
Once on a device, the malware gains access to the user’s camera, GPS location, text messages, phones contacts and more.
It can also pinch your passwords for your Facebook, Instagram and Google accounts.
It’s thought that the malware may spread by using infected devices to send malicious links to contacts saved on it.
According to Zimperium, it’s possible that victims know one another personally or are connected through work or other affiliations.
The security firm is unsure who is behind the attacks. It has notified and submitted all relevant threat data to US and South Korean authorities.
To avoid falling afoul of PhonySpy or similar malware, be wary of installing apps outside of the Play Store.
Google’s app marketplace has security checks in place that block most malware from reaching its pages.
Apps from third-party stores are not necessarily subjected to the same level of scrutiny, making them a risky download.
2
I found a WhatsApp scam that can hack you in seconds – don’t fall for this
In other news, a 75-year-old Brit has told of his anger after scammers on WhatsApp fooled him into sending them hundreds of pounds.
Google Chrome users are being warned to delete the browser amid fears highly sensitive data is being harvested.
Facebook has announced that it’s changing its name to “Meta”.
The company is working to create lifelike avatars of its users that they can control in a virtual world called the “metaverse”.
We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]
This post first appeared on Thesun.co.uk
