Skip to main content

Android Malware Could Access Your Pictures And Calls

By August 31, 2018June 3rd, 2022Cybersecurity

Android users have a new threat to contend with, according to a sixteen-page whitepaper outlining a new malware strain.

The paper was published by a group of security researchers working for Bitdefender. They identified a robust new strain of malware called “Triout.”

According to the report, although they just discovered the malware a month ago, there are indications that it has been in use since at least mid-May of this year.

Among other things, it can:

  • Steal call log data
  • Collect and steal SMS messages
  • Record every call taking place on the phone
  • Upload recordings of those calls to a remote server
  • Send the phone’s GPS coordinates to a remote server
  • Upload a copy of every picture taken with the phone’s camera to a remote server
  • Hide from the user’s view

These are robust, highly advanced features that require extensive, detailed knowledge of the Android OS.  Typically, malware of this type is used by nation-state hackers with deep pockets, or by well-heeled networks of cybercriminals.  At this point, there’s no clear indication which category Triout’s creators fall into.

The malware strain has been found masquerading as a legitimate app, but the team has been unable to trace it back to its source of origin.  At this point, there’s no clear indication where it’s coming from.  The first sample was uploaded to VirusTotal from Russia, but subsequent samples were uploaded from an Israeli IP address.

The researchers note that despite its advanced feature set, the group responsible appears to have made a mistake:

“What is striking…is that it’s completely unobfuscated, meaning that simply by unpacking the cloned app’s .apk file, full access to the source code becomes available….this could suggest that the Triout framework may be a work-in-progress, with developers testing features and compatibility with devices.”

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.